
Re: auditing file access



> 
> On Sun, 30 Sep 2001, Shachar Shemesh wrote:
> 
> > Syslogtrack - a haifux project. mulix, I believe, is one of the
> > maintainers. I don't know any further detail, though.
> 
> and provided you're ready to use alpha-level software ;)
> 
> actually, only now i got user-defined logging format to work. until now,
> the log did not contain pid and command name. the problem, though, is
> that we log syscall parameters, so if a syscall gave a relative file path
> (e.g. open("../../logdata", O_RDWR) ) - the log won't help you much,
> unless you also log any 'chdir' calls... which complicates issues
> greatly... further, our code does logging using printf, which causes load
> if you're logging a lot of information.
> 


If I understand you correctly, then printf causes more load than other 
alternatives. What other alternatives are there, why does printf cause more 
load, and why have you chosen to use it?


> if you are somehow still interested, please check
> http://syscalltrack.sf.net/, and/or email me privately.
> 
> you might also check medusa DS9 - it's a kernel patch and user-level utils
> for security issues - they might have what you need -
> http://medusa.fornax.sk . it looks like that also got a nice logging
> facility, and their product is certainly more mature.
> 


How are the features of your project compared to medusa?

How is your project compared to the "kernel auditing facility" that was 
mentioned here by Herouth Maoz?


> hope this helps,
> 
> --
> guy
> 
> "For world domination - press 1,
>  or dial 0, and please hold, for the creator." -- nob o. dy
> 
> 
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
> 

-- 

	Shaul Karl <shaulka@bezeqint.net>
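
The relative-path problem raised in the quoted message, as an added example that is not part of the original thread and is not syscalltrack code: replaying a syscall log while tracking each pid's working directory, so that open("../../logdata") can be turned into an absolute path. The log format, pids, commands and paths below are constructed for illustration and are assumptions, not the tool's real output.

```python
import posixpath
import re

# Constructed sample log, one "pid command syscall(args) [= ret]" per line.
SAMPLE_LOG = """\
412 sh chdir("/var/www/htdocs")
412 sh fork() = 413
413 cat chdir("cgi-bin")
413 cat open("../../logdata", O_RDWR)
412 sh open("index.html", O_RDONLY)
500 vi open("/etc/passwd", O_RDONLY)
600 tar open("backup.tgz", O_WRONLY)
"""

LINE = re.compile(r'^(\d+) (\S+) (\w+)\((?:"([^"]*)")?[^)]*\)(?: = (\d+))?$')

def absolute(base, path):
    """Join path onto base; None means the cwd was never observed."""
    if posixpath.isabs(path):
        return posixpath.normpath(path)
    if base is None:
        return None
    # Lexical only: a ".." that crosses a symlink is not resolved correctly.
    return posixpath.normpath(posixpath.join(base, path))

def resolve_opens(log_text):
    """Return (pid, command, absolute_path_or_None) for every open() call."""
    cwd = {}          # pid -> last known working directory
    resolved = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        pid, cmd, call, path, ret = m.groups()
        base = cwd.get(pid)
        if call == "fork" and ret:
            cwd[ret] = base                    # child inherits the parent's cwd
        elif call == "chdir" and path is not None:
            cwd[pid] = absolute(base, path)    # assumes the chdir succeeded
        elif call == "open" and path is not None:
            resolved.append((pid, cmd, absolute(base, path)))
    return resolved

if __name__ == "__main__":
    for pid, cmd, path in resolve_opens(SAMPLE_LOG):
        print(pid, cmd, path if path else "<unresolvable: cwd unknown>")
```

The last sample line shows why logging chdir alone is not enough: a process that was already running when logging started has no known starting directory, so its relative paths stay unresolved.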


