RE: process accounting
From: Avery Buffington (avery.buffington_at_fxfn.com)
Date: 05/28/03
- Previous message: Mark: "Re: process accounting"
- Maybe in reply to: Vladislav Tchernev: "process accounting"
- Next in thread: Small, Jim: "RE: process accounting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 10:44:32 -0500
To: <focus-linux@securityfocus.com>
With grsecurity and "CONFIG_GRKERNSEC_EXECLOG" enabled, you'll get the command, args, and remote IP logged like:
May 27 16:21:20 HOSTNAME kernel: grsec: From IP_ADDR: exec of /bin/ls (ls --color=tty -a -l -t --color=none ) by (bash:6321) UID(253) EUID(253), parent (bash:17991) UID(253) EUID(253)
This snip is from running: 'ls -a -l -t --color=none'
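
A parser for the exec log line quoted in the message above, added here as an example; it is not part of the original post and is not grsecurity code. The pattern is derived only from that one sample line, and the hostname web01, the documentation-range addresses and the function names parse_exec and execs_by_source are assumptions.

```python
import re
from collections import defaultdict

# Pattern derived from the one sample line in the message; other grsecurity
# versions may word the line differently (assumption). The args field is
# user-controlled text, so the kernel-written suffix is anchored to end of line.
GRSEC_EXEC = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: grsec: "
    r"From (?P<src_ip>\S+): exec of (?P<path>\S+) \((?P<args>.*)\) by "
    r"\((?P<comm>[^:()]+):(?P<pid>\d+)\) UID\((?P<uid>\d+)\) EUID\((?P<euid>\d+)\), "
    r"parent \((?P<pcomm>[^:()]+):(?P<ppid>\d+)\) "
    r"UID\((?P<puid>\d+)\) EUID\((?P<peuid>\d+)\)\s*$"
)
INT_FIELDS = ("pid", "uid", "euid", "ppid", "puid", "peuid")

def parse_exec(line):
    """Return the fields of a grsec exec log line as a dict, or None."""
    m = GRSEC_EXEC.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["argv"] = rec.pop("args").split()
    return rec

def execs_by_source(lines):
    """Group command lines as {(src_ip, uid): [command, ...]}, skipping other lines."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_exec(line)
        if rec is not None:
            grouped[(rec["src_ip"], rec["uid"])].append(" ".join(rec["argv"]))
    return dict(grouped)

# Constructed sample input: hostname, addresses (RFC 5737) and the last three
# lines are made up; the first line follows the message's example.
SAMPLE = [
    "May 27 16:21:20 web01 kernel: grsec: From 192.0.2.10: exec of /bin/ls (ls --color=tty -a -l -t --color=none ) by (bash:6321) UID(253) EUID(253), parent (bash:17991) UID(253) EUID(253)",
    # argument text that resembles the trailing fields must not override them
    "May 27 16:21:24 web01 kernel: grsec: From 192.0.2.10: exec of /bin/echo (echo ) by (bash:1) UID(0) EUID(0), parent (init:1) UID(0) EUID(0) ) by (bash:6321) UID(253) EUID(253), parent (bash:17991) UID(253) EUID(253)",
    "May 27 16:21:25 web01 sshd[812]: Accepted publickey for deploy from 192.0.2.10",
    "May 27 16:22:02 web01 kernel: grsec: From 198.51.100.7: exec of /usr/bin/id (id ) by (bash:6410) UID(0) EUID(0), parent (sshd:6409) UID(0) EUID(0)",
]

if __name__ == "__main__":
    for (ip, uid), cmds in execs_by_source(SAMPLE).items():
        print(ip, uid, cmds)
```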