RE: process accounting

From: Avery Buffington (avery.buffington_at_fxfn.com)
Date: 05/28/03

  • Next message: Gergely Czuczy: "Re: Process Accounting"
    Date: Wed, 28 May 2003 10:44:32 -0500
    To: <focus-linux@securityfocus.com>
    

    with grsecurity and "CONFIG_GRKERNSEC_EXECLOG" enabled you'll get the command, args, and remote ip logged like:

    May 27 16:21:20 HOSTNAME kernel: grsec: From IP_ADDR: exec of /bin/ls (ls --color=tty -a -l -t --color=none ) by (bash:6321) UID(253) EUID(253), parent (bash:17991) UID(253) EUID(253)

    This snip is from running: 'ls -a -l -t --color=none'


  • Next message: Gergely Czuczy: "Re: Process Accounting"