Re: process accounting
From: Gergely Czuczy (phoemix_at_harmless.hu)
Date: 05/28/03
- Previous message: bmanning_at_karoshi.com: "Re: more on linux hardening"
- In reply to: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Next in thread: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Reply: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 16:57:23 +0200 (CEST) To: mark@winksmith.com
you're not absolutely right. there are ways to log _everything_. by now,
i'm using grsecurity for a while and there are logging capabilities for
everything, chroots, chdirs, execve calls, (un)mounts, and so on.
btw, patching the shell is not a good idea, a user can a command from (for
example) mc, or any other programs, in theses cases execve() is not called
by the shall. and the user also can change its shell.
i suggest appling a grsecurity patch for the kernel, it's a very good way
to trace user activities, but it will make a minimum of 3-5MB syslog every
day(uncompressed).
Bye,
Gergely Czuczy
mailto: phoemix@harmless.hu
PGP pubkey: http://phoemix.harmless.hu/phoemix.pgp
iRCNet: #demoscene ICQ: 8067175
The point is, that geeks are not necessarily the outcasts
society often believes they are. The fact is that society
isn't cool enough to be included in our activities.
- Previous message: bmanning_at_karoshi.com: "Re: more on linux hardening"
- In reply to: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Next in thread: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Reply: mark.securityfocus_at_winksmith.com: "Re: process accounting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
