linux

History

Richard Guy Briggs c4dad0aab3 audit: tidy and extend netfilter_cfg x_tables NETFILTER_CFG record generation was inconsistent for x_tables and ebtables configuration changes. The call was needlessly messy and there were supporting records missing at times while they were produced when not requested. Simplify the logging call into a new audit_log_nfcfg call. Honour the audit_enabled setting while more consistently recording information including supporting records by tidying up dummy checks. Add an op= field that indicates the operation being performed (register or replace). Here is the enhanced sample record: type=NETFILTER_CFG msg=audit(1580905834.919:82970): table=filter family=2 entries=83 op=replace Generate audit NETFILTER_CFG records on ebtables table registration. Previously this was being done for x_tables registration and replacement operations and ebtables table replacement only. See: https://github.com/linux-audit/audit-kernel/issues/25 See: https://github.com/linux-audit/audit-kernel/issues/35 See: https://github.com/linux-audit/audit-kernel/issues/43 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>		2020-04-28 17:52:42 -04:00
..
ebt_802_3.c	netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers	2019-09-13 12:32:48 +02:00
ebt_among.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_arp.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_arpreply.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_dnat.c	bridge: ebtables: don't crash when using dnat target in output chains	2019-11-04 20:58:34 +01:00
ebt_ip6.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_ip.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_limit.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_log.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_mark_m.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_mark.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_nflog.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_pkttype.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_redirect.c	netfilter: bridge: convert skb_make_writable to skb_ensure_writable	2019-05-31 18:02:43 +02:00
ebt_snat.c	netfilter: bridge: convert skb_make_writable to skb_ensure_writable	2019-05-31 18:02:43 +02:00
ebt_stp.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebt_vlan.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13	2019-05-21 11:28:45 +02:00
ebtable_broute.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebtable_filter.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebtable_nat.c	treewide: Add SPDX license identifier for more missed files	2019-05-21 10:50:45 +02:00
ebtables.c	audit: tidy and extend netfilter_cfg x_tables	2020-04-28 17:52:42 -04:00
Kconfig	netfilter: bridge: make NF_TABLES_BRIDGE tristate	2019-07-19 18:08:14 +02:00
Makefile	netfilter: nft_meta: move bridge meta keys into nft_meta_bridge	2019-07-05 21:34:47 +02:00
nf_conntrack_bridge.c	ipv4: fix IPSKB_FRAG_PMTU handling with fragmentation	2019-10-21 10:46:42 -07:00
nf_log_bridge.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
nft_meta_bridge.c	netfilter: nft_meta_bridge: Fix get NFT_META_BRI_IIFVPROTO in network byteorder	2019-08-30 02:49:04 +02:00
nft_reject_bridge.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00