aboutsummaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2005-12-03 08:39:35 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:55 -0500
commit5bdb98868062c1b14025883049551af343233187 (patch)
tree1f15c49cf4c9535bb3897d5fedbe78b3a7651410 /net/core
parenta6c043a887a9db32a545539426ddfc8cc2c28f8f (diff)
[PATCH] promiscuous mode
Hi, When a network interface goes into promiscuous mode, its an important security issue. The attached patch is intended to capture that action and send an event to the audit system. The patch carves out a new block of numbers for kernel detected anomalies. These are events that may indicate suspicious activity. Other examples of potential kernel anomalies would be: exceeding disk quota, rlimit violations, changes to syscall entry table. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/core')
-rw-r--r--net/core/dev.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 2afb0de95329..e9f84a66ce81 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -115,6 +115,7 @@
115#include <net/iw_handler.h> 115#include <net/iw_handler.h>
116#endif /* CONFIG_NET_RADIO */ 116#endif /* CONFIG_NET_RADIO */
117#include <asm/current.h> 117#include <asm/current.h>
118#include <linux/audit.h>
118 119
119/* 120/*
120 * The list of packet types we will receive (as opposed to discard) 121 * The list of packet types we will receive (as opposed to discard)
@@ -2120,6 +2121,12 @@ void dev_set_promiscuity(struct net_device *dev, int inc)
2120 printk(KERN_INFO "device %s %s promiscuous mode\n", 2121 printk(KERN_INFO "device %s %s promiscuous mode\n",
2121 dev->name, (dev->flags & IFF_PROMISC) ? "entered" : 2122 dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
2122 "left"); 2123 "left");
2124 audit_log(current->audit_context, GFP_ATOMIC,
2125 AUDIT_ANOM_PROMISCUOUS,
2126 "dev=%s prom=%d old_prom=%d auid=%u",
2127 dev->name, (dev->flags & IFF_PROMISC),
2128 (old_flags & IFF_PROMISC),
2129 audit_get_loginuid(current->audit_context));
2123 } 2130 }
2124} 2131}
2125 2132