1210949 – RFE: audit device attach/detach events

Bug 1210949 - RFE: audit device attach/detach events

Summary: RFE: audit device attach/detach events

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Richard Guy Briggs
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://github.com/linux-audit/audit-...
Whiteboard:
Depends On:
Blocks:	967241
TreeView+	depends on / blocked

Reported:	2015-04-11 11:52 UTC by Paul Moore
Modified:	2021-03-11 14:20 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Paul Moore 2015-04-11 11:52:57 UTC

This BZ to track development of efforts to audit low level device attach/detach events; I anticipate the effort to be sub-divided into the following tasks:

#1 Hook the device layer to trigger audit record generation for device attach and detach events

#2 Develop a kernel audit API for device drivers to log driver/device specific metadata

#3 Instrument the USB drivers to leverage the metadata logging API, other drivers can be instrumented as time permits

#4 Update the audit userspace as needed to support the new audit record types

Comment 2 Paul Moore 2016-03-02 16:25:54 UTC

This is being tracked upstream via the following GitHub issue and feature page:

 * https://github.com/linux-audit/audit-kernel/issues/1
 * https://github.com/linux-audit/audit-kernel/wiki/RFE-Device-Auditing

Note You need to log in before you can comment on or make changes to this bug.