Re: Is this mail list dead?

[Pedro Rosa <Pedro.Rosa@ksu.ru>]

David L. Nicol wrote:

> 
> Adding a standard framework for providing audit data seems like
> it would be a small patch and might be accepted into Standard Kernel
> 
> Has L.T. said specifically that he is against including a framework
> for making audit info available?  "BSD Process Accounting" has been
> there quite a while; what more, if you  don't mind repeating what
> can surely be found with an hour of RTFMing, would be requiered, that
> BSD-PA does not provide, to have a C2-compliant audit trail?

Well, BSD-PA is far from being a desirable and stable system. One of the 
problems is that it does not report everything that happened on the 
machine. When a linux is heavily loaded by some process, BSD-PA starts 
getting amnesic. Besides, as any account system, it gives some overload 
on the machine and in some cases this gets quite undesirable for the 
user. And there are a few cases of serious crashes that surely can be 
blamed on the behaviour of BSD-PA, specially if a heavy cascade of 
processes is formed in short-time. The postmortem study of the logs and 
the state of the disks point to the fact that BSD sometimes gets in a 
run condition and freezes everything.

This was observed in 2.2 kernels. How's the state of affairs on 2.4 I 
can't say yet.

> 
Ektanoor

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/