Re: auditing file access
- To: guy keren <choo(at-nospam)actcom.co.il>
- Subject: Re: auditing file access
- From: Shaul Karl <shaulka(at-nospam)bezeqint.net>
- Date: Mon, 01 Oct 2001 01:30:06 +0200
- cc: Shachar Shemesh <linuxil(at-nospam)consumer.org.il>, Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>, IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- In-Reply-To: Message from guy keren <choo@actcom.co.il> of "Sun, 30 Sep 2001 20:17:27 +0200." <Pine.GSU.4.30_heb2.09.0109301955170.11731-100000@actcom.co.il>
- References: <Pine.GSU.4.30_heb2.09.0109301955170.11731-100000@actcom.co.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
>
> On Sun, 30 Sep 2001, Shachar Shemesh wrote:
>
> > Syslogtrack - a haifux project. mulix, I believe, is one of the
> > maintainers. I don't know any further detail, though.
>
> and provided you're ready to use alpha-level software ;)
>
> actually, only now i got user-defined logging format to work. until now,
> the log did not contain pid and command name. the problem, though, is
> that we log syscall parameters, so if a syscall gave a relative file path
> (e.g. open("../../logdata", O_RDWR) ) - the log won't help you much,
> unless you also log any 'chdir' calls... which complicates issues
> greatly... further, our code does logging using printf, which causes load
> if you're logging a lot of information.
>
If I understand you correctly, then printf causes more load than other
alternatives. What other alternatives are there, why does printf cause more
load, and why have you chosen to use it?
> if you are somehow still interested, please check
> http://syscalltrack.sf.net/, and/or email me privately.
>
> you might also check medusa DS9 - its a kernel patch and user-level utils
> for security issues - they might have what you need -
> http://medusa.fornax.sk . it looks like that also got a nice logging
> facility, and their product is certainly more mature.
>
How do the features of your project compare to medusa?
How does your project compare to the "kernel auditing facility" that was
mentioned here by Herouth Maoz?
> hope this helps,
>
> --
> guy
>
> "For world domination - press 1,
> or dial 0, and please hold, for the creator." -- nob o. dy
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
--
Shaul Karl <shaulka@bezeqint.net>
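The relative-path problem guy describes above (an open("../../logdata") entry is meaningless unless every chdir() of the same process was logged too) is something an auditor has to solve at log-processing time. The script below is an added example written for this archive page; it is not part of the thread and not syscalltrack's code, and it assumes a hypothetical "pid command syscall(args)" line layout that is constructed here, not the tool's real output format. It replays chdir() per pid and rewrites relative open() paths to absolute ones, and it refuses to guess when a process's working directory was never established in the log.

```python
import posixpath
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample log in a hypothetical "pid command syscall(args)" layout
# (an assumption for this example, not syscalltrack's actual log format).
SAMPLE_LOG = """\
1234 backupd chdir("/var/backups")
1234 backupd open("../../logdata", O_RDWR)
1234 backupd chdir("nightly")
1234 backupd open("report.txt", O_WRONLY)
5678 sshd open("/etc/ssh/sshd_config", O_RDONLY)
5678 sshd chdir("/var/log")
5678 sshd open("auth.log", O_RDONLY)
9999 cron open("crontab", O_RDONLY)
"""

# pid, command, syscall name, first quoted string argument; trailing args ignored
LINE_RE = re.compile(r'^(\d+)\s+(\S+)\s+(\w+)\("([^"]*)"(?:,\s*[^)]*)?\)\s*$')


def parse_line(line: str) -> Optional[Tuple[int, str, str, str]]:
    """Return (pid, command, syscall, path argument) or None if the line is unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid, cmd, syscall, path = m.groups()
    return int(pid), cmd, syscall, path


def resolve_paths(log_text: str) -> List[dict]:
    """Replay chdir() per pid and rewrite relative open() paths as absolute.

    A relative path seen before any absolute chdir() for that pid cannot be
    resolved from the log alone, so it is reported with resolved=None rather
    than guessed.
    """
    cwd: Dict[int, str] = {}          # pid -> current working directory, when known
    events: List[dict] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        pid, cmd, syscall, path = parsed
        if syscall == "chdir":
            if posixpath.isabs(path):
                cwd[pid] = posixpath.normpath(path)
            elif pid in cwd:
                cwd[pid] = posixpath.normpath(posixpath.join(cwd[pid], path))
            # a relative chdir with no known cwd leaves the pid unresolved
            continue
        if syscall != "open":
            continue
        if posixpath.isabs(path):
            resolved = posixpath.normpath(path)
        elif pid in cwd:
            resolved = posixpath.normpath(posixpath.join(cwd[pid], path))
        else:
            resolved = None
        events.append({"pid": pid, "command": cmd, "raw": path, "resolved": resolved})
    return events


if __name__ == "__main__":
    for ev in resolve_paths(SAMPLE_LOG):
        print(f"{ev['pid']:>6} {ev['command']:<8} {ev['raw']!r} -> {ev['resolved']}")
```

Running it prints "/logdata" for the backupd open() in the sample, which is exactly the information the raw "../../logdata" entry hides. The None result for the cron process shows the limitation guy points at: a process inherits its working directory at fork/exec time, so unless the logger also records that (or the auditor seeds each pid's cwd from elsewhere), relative paths before the first absolute chdir() stay unresolvable. Failed chdir() calls, fchdir(), chroot() and symlinked directories are likewise not modelled here and would need the return value and extra syscalls in the log.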