diff options
| -rw-r--r-- | include/linux/audit.h | 7 | ||||
| -rw-r--r-- | net/core/dev.c | 7 |
2 files changed, 13 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index d760430c8de3..1c47c59058c1 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -35,7 +35,8 @@ | |||
| 35 | * 1400 - 1499 SE Linux use | 35 | * 1400 - 1499 SE Linux use |
| 36 | * 1500 - 1599 kernel LSPP events | 36 | * 1500 - 1599 kernel LSPP events |
| 37 | * 1600 - 1699 kernel crypto events | 37 | * 1600 - 1699 kernel crypto events |
| 38 | * 1700 - 1999 future kernel use (maybe integrity labels and related events) | 38 | * 1700 - 1799 kernel anomaly records |
| 39 | * 1800 - 1999 future kernel use (maybe integrity labels and related events) | ||
| 39 | * 2000 is for otherwise unclassified kernel audit messages (legacy) | 40 | * 2000 is for otherwise unclassified kernel audit messages (legacy) |
| 40 | * 2001 - 2099 unused (kernel) | 41 | * 2001 - 2099 unused (kernel) |
| 41 | * 2100 - 2199 user space anomaly records | 42 | * 2100 - 2199 user space anomaly records |
| @@ -90,6 +91,10 @@ | |||
| 90 | #define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */ | 91 | #define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */ |
| 91 | #define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */ | 92 | #define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */ |
| 92 | 93 | ||
| 94 | #define AUDIT_FIRST_KERN_ANOM_MSG 1700 | ||
| 95 | #define AUDIT_LAST_KERN_ANOM_MSG 1799 | ||
| 96 | #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ | ||
| 97 | |||
| 93 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ | 98 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ |
| 94 | 99 | ||
| 95 | /* Rule flags */ | 100 | /* Rule flags */ |
diff --git a/net/core/dev.c b/net/core/dev.c index 2afb0de95329..e9f84a66ce81 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
| @@ -115,6 +115,7 @@ | |||
| 115 | #include <net/iw_handler.h> | 115 | #include <net/iw_handler.h> |
| 116 | #endif /* CONFIG_NET_RADIO */ | 116 | #endif /* CONFIG_NET_RADIO */ |
| 117 | #include <asm/current.h> | 117 | #include <asm/current.h> |
| 118 | #include <linux/audit.h> | ||
| 118 | 119 | ||
| 119 | /* | 120 | /* |
| 120 | * The list of packet types we will receive (as opposed to discard) | 121 | * The list of packet types we will receive (as opposed to discard) |
| @@ -2120,6 +2121,12 @@ void dev_set_promiscuity(struct net_device *dev, int inc) | |||
| 2120 | printk(KERN_INFO "device %s %s promiscuous mode\n", | 2121 | printk(KERN_INFO "device %s %s promiscuous mode\n", |
| 2121 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : | 2122 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : |
| 2122 | "left"); | 2123 | "left"); |
| 2124 | audit_log(current->audit_context, GFP_ATOMIC, | ||
| 2125 | AUDIT_ANOM_PROMISCUOUS, | ||
| 2126 | "dev=%s prom=%d old_prom=%d auid=%u", | ||
| 2127 | dev->name, (dev->flags & IFF_PROMISC), | ||
| 2128 | (old_flags & IFF_PROMISC), | ||
| 2129 | audit_get_loginuid(current->audit_context)); | ||
| 2123 | } | 2130 | } |
| 2124 | } | 2131 | } |
| 2125 | 2132 | ||