• Steve Grubb's avatar
    [PATCH] promiscuous mode · 5bdb9886
    Steve Grubb authored
    Hi,
    
    When a network interface goes into promiscuous mode, its an important security
    issue. The attached patch is intended to capture that action and send an
    event to the audit system.
    
    The patch carves out a new block of numbers for kernel detected anomalies.
    These are events that may indicate suspicious activity. Other examples of
    potential kernel anomalies would be: exceeding disk quota, rlimit violations,
    changes to syscall entry table.
    Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    5bdb9886
dev.c 80.3 KB