
Re: auditing file access




On Sun, 30 Sep 2001, Shachar Shemesh wrote:

> Syslogtrack - a haifux project. mulix, I believe, is one of the
> maintainers. I don't know any further detail, though.

and provided you're ready to use alpha-level software ;)

actually, only now i got user-defined logging format to work. until now,
the log did not contain pid and command name. the problem, though, is
that we log syscall parameters, so if a syscall gave a relative file path
(e.g. open("../../logdata", O_RDWR)) - the log won't help you much,
unless you also log any 'chdir' calls... which complicates issues
greatly. further, our code does logging using printf, which causes load
if you're logging a lot of information.

if you are somehow still interested, please check
http://syscalltrack.sf.net/, and/or email me privately.

you might also check medusa DS9 - it's a kernel patch and user-level utils
for security issues - they might have what you need -
http://medusa.fornax.sk . it looks like it also has a nice logging
facility, and their product is certainly more mature.

hope this helps,

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
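
The relative-path problem described in the message above, as an added example that is not part of the original post or of syscalltrack: a log post-processor that replays logged chdir calls per pid so that relative open() paths become absolute. The log line format, the sample log and the function name are assumptions constructed for illustration.

```python
import posixpath
import re

# Constructed log format (an assumption, not syscalltrack's real output):
#   <pid> <comm> <syscall>("<path>"...) = <return value>
LINE = re.compile(r'^(\d+) (\S+) (chdir|open)\("([^"]*)"[^)]*\) = (-?\d+)$')

# Constructed sample log.
SAMPLE_LOG = """\
101 sh chdir("/var/spool/app/tmp") = 0
101 sh open("../../logdata", O_RDWR) = 3
102 vi open("notes.txt", O_RDONLY) = 3
101 sh chdir("/nonexistent") = -1
101 sh chdir("../..") = 0
101 sh open("log/messages", O_RDONLY) = 4
101 sh open("/etc/passwd", O_RDONLY) = 5
"""

def resolve_opens(log_text, initial_cwd=None):
    """Return (pid, comm, absolute_path_or_None) for every open() in the log.

    initial_cwd maps pid -> working directory known before logging began.
    The path is None when it is relative and the pid's cwd was never seen,
    which is exactly the case where the raw log cannot identify the file.
    Limits: ".." is collapsed lexically (symlinks are not followed) and
    cwd inheritance across fork is not modelled.
    """
    cwd = dict(initial_cwd or {})
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, comm, call, path, ret = m.groups()
        pid, ret = int(pid), int(ret)
        if posixpath.isabs(path):
            full = posixpath.normpath(path)
        elif pid in cwd:
            full = posixpath.normpath(posixpath.join(cwd[pid], path))
        else:
            full = None
        if call == "chdir":
            # Only a successful chdir to a known location moves the cwd.
            if ret == 0 and full is not None:
                cwd[pid] = full
        else:
            results.append((pid, comm, full))
    return results
```

Entries that come back with a path of None are the ones an auditor cannot attribute to a file without an earlier chdir record or a recorded starting directory for that pid.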

