Linux Security Summit 2015/Abstracts/Moore

From Linux Kernel Security Subsystem
Jump to navigation Jump to search

Title

Discussion: Rethinking Audit

Presenter

Paul Moore, Red Hat

Abstract

The kernel's audit subsystem is an interesting thing: it is a must have for many security conscious users, but it is largely unloved by kernel developers, even the security focused developers. Due to this lack of interest by kernel developers the kernel's audit code and interfaces have become a bit of a mess. This discussion topic will identify some of these problem areas for audit and present some possible solutions.