git.baikalelectronics.ru Git - kernel.git/commit

author	Steve Grubb <sgrubb redhat com>
	Fri, 19 Jan 2007 19:39:55 +0000 (14:39 -0500)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 18 Feb 2007 02:30:12 +0000 (21:30 -0500)
commit	9b4563c5dac8ec01b9162ac70cfadc1195e41932
tree	b3e80a8147101db29dcc18596ea20b1fcbeef6ad	tree \| snapshot
parent	8077d9758c4ccdfe74b0742f296932bb004fe875	commit \| diff

[PATCH] audit config lockdown

The following patch adds a new mode to the audit system. It uses the
audit_enabled config option to introduce the idea of audit enabled, but
configuration is immutable. Any attempt to change the configuration
while in this mode is audited. To change the audit rules, you'd need to
reboot the machine.

To use this option, you'd need a modified version of auditctl and use "-e 2".
This is intended to go at the end of the audit.rules file for people that
want an immutable configuration.

This patch also adds "res=" to a number of configuration commands that did not
have it before.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>