We've just released version 0.9 of SNARE (System
iNtrusion Analysis and Reporting Environment).

SNARE is a C2-style auditing subsystem for Linux (a
little like the Windows Event Log or the Solaris C2 BSM
subsystem). A lot of government agencies require
auditing capabilities of this nature, and so we're
hoping that the inclusion of this sort of auditing will
play a small part in pushing Linux into government some
more.

There have been a couple of people that have mentioned
that it would be great to have SNARE integrated (as a
module) into FOLK, with an eventual goal of including
the kernel module in the 2.5 release tree.

If you're interested in including SNARE in FOLK, have
a look at
http://www.intersectalliance.com/projects/index.html and
let me know if you think it's worth integrating into
FOLK, and what assistance I can offer if you see it as
worthwhile.

Leigh. (see
http://www.intersectalliance.com/contact.html for
contact info)