Re: library/executable image

From: Fabrice MARIE (fabrice@fma.homelinux.com)
Date: 03/24/03

  • Next message: Martin Mačok: "Re: Detecting abnormal behaviour" 
    From: Fabrice MARIE <fabrice@fma.homelinux.com>
To: Adrian S <hotelectron@hotmail.com>, vuln-dev@securityfocus.com
Date: Mon, 24 Mar 2003 14:00:23 +0800

    On Monday 24 March 2003 01:47, Adrian S wrote:
    > Hi,
    > Other than identifying the path & PID, what is the other proactive way
    > to detect unauthorised execution of library/executable image ?

    On Linux, install RSBAC: http://www.rsbac.org/
    You can _enforce_ and/or _detect_ it's up to you.
    On other unix, they have similar stuff.

    Have a nice day,

    Fabrice. 

    --
Fabrice MARIE
"Silly hacker, root is for administrators"
       -Unknown
  • Next message: Martin Mačok: "Re: Detecting abnormal behaviour"

    Relevant Pages

    • Re: Creating PID file
      ... If the description is nonsense to you, ... I need the script to determine its own pid, then write that to a file. ... If this is your general attitude in mailing lists I would not be ... That is not a concept unique to Unix, and had you explained things in that way you would have had a lot more group members on side and willing to help. ...
      (perl.beginners)
    • Re: OFF TOPIC: Unix in a Nutshell Orielly 3rd edition
      ... >> I would love to know of a description of the Unix ... on the 'kernel' side of the OS, ... against Primates, some of my best friends are Primates. ... hence is PID 0, or we will see it in other ways, but ...
      (perl.beginners)
    • Re: Chiusura forzata dalle applicazioni a volte non funziona
      ... Il 14/07/11 16.52, Jack ha scritto: ... sig di default in genere -15 ma dipende dallo Unix sottostante ... kill -9 manda un SIGKILL che è inarrestabile e tira giu tutto a partire dal PID e che io sappia funziona allo stesso modo su tutti gli Unix ...
      (it.comp.macintosh)
    • Re: Read input file and pass the value as parameter recursively
      ... #Get the value of PID into database table TAB2 ... table TAB1 and don't exist into Unix server ... #and generate FILE3 ... parameter to another sql statement and generate FILE4. ...
      (comp.unix.shell)
    • Re: Oracle shadow process parent id of 1
      ... parent id is the pid of UNIX process who made connection to ... > Somehow, in Oracle 10.1.0.4 on my HP unix machine, parent process id is ... In fact the second sqlplus ...
      (comp.databases.oracle.server)