little-beastie (n00b)
Joined: 25 Apr 2005 Posts: 10
Posted: Sun Oct 09, 2005 11:59 am Post subject: Simple auditing, BSD's lrexec like
Hi
I need to have very simple execve auditing. On FreeBSD I used the lrexec module, which gives a log like:
Code:
Aug 27 02:06:29 sas lrexec: sh(/bin/sh) [login=sokra pid=41179 ruid=0 euid=0 groups=0,0,5] -> rm(/bin/rm) [args: "rm" "./COPYRIGHT"]
Aug 27 02:06:29 sas lrexec: sh(/bin/sh) [login=sokra pid=41180 ruid=0 euid=0 groups=0,0,5] -> find(/usr/bin/find) [args: "find" "/var/tmp/temproot" "-type" "f" "-size" "+0"]
Aug 27 02:06:34 sas lrexec: csh [login=sokra pid=41182 ruid=0 euid=0 groups=0,0,5] -> w(/usr/bin/w) [args: "w"]
I found snoopy, which uses LD_PRELOAD, but I'd prefer a kernel module solution.
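As an added example (not code from the post, from lrexec or from snoopy), the following Python parses the lrexec log format quoted above into structured records and picks out the execs that ran with root privileges; the first two sample lines are taken from the post, the third is constructed.

```python
import re
from dataclasses import dataclass

# Sample input: two lines from the post plus one constructed unprivileged exec.
SAMPLE_LOG = """\
Aug 27 02:06:29 sas lrexec: sh(/bin/sh) [login=sokra pid=41179 ruid=0 euid=0 groups=0,0,5] -> rm(/bin/rm) [args: "rm" "./COPYRIGHT"]
Aug 27 02:06:34 sas lrexec: csh [login=sokra pid=41182 ruid=0 euid=0 groups=0,0,5] -> w(/usr/bin/w) [args: "w"]
Aug 27 02:07:01 sas lrexec: bash(/bin/bash) [login=alice pid=41190 ruid=1001 euid=1001 groups=1001] -> cat(/bin/cat) [args: "cat" "/etc/passwd"]
"""

# One lrexec line: timestamp, host, parent[(path)] [creds] -> child(path) [args: "..." ...]
# The parent's path is optional in the format (see the "csh" line in the post).
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) lrexec: '
    r'(?P<parent>\S+?)(?:\((?P<parent_path>[^)]*)\))? '
    r'\[login=(?P<login>\S+) pid=(?P<pid>\d+) ruid=(?P<ruid>\d+) '
    r'euid=(?P<euid>\d+) groups=(?P<groups>[\d,]*)\] -> '
    r'(?P<child>\S+?)\((?P<child_path>[^)]*)\) \[args: (?P<args>.*)\]$'
)


@dataclass
class ExecEvent:
    ts: str
    host: str
    parent: str
    login: str
    pid: int
    ruid: int
    euid: int
    groups: tuple
    child_path: str
    args: list


def parse_line(line: str):
    """Parse one lrexec line; return None for lines that are not in the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ExecEvent(
        ts=m["ts"], host=m["host"], parent=m["parent"], login=m["login"],
        pid=int(m["pid"]), ruid=int(m["ruid"]), euid=int(m["euid"]),
        groups=tuple(int(g) for g in m["groups"].split(",") if g),
        child_path=m["child_path"],
        args=re.findall(r'"([^"]*)"', m["args"]),  # each arg is double-quoted
    )


def parse_log(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def privileged_execs(events):
    """Events whose exec'd program runs as root (real or effective uid 0)."""
    return [e for e in events if e.ruid == 0 or e.euid == 0]
```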
Janne Pikkarainen (Veteran)
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
Posted: Sun Oct 09, 2005 12:07 pm Post subject:
At least grsecurity can give you this kind of information. grsecurity is included in hardened-sources. It's up to you to decide if grsecurity is overkill for you.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".