Re: LSM Documentation and/or examples

From: Stephen Smalley (sds@private)
Date: Fri Oct 28 2005 - 05:49:09 PDT

Previous message: Mark Bainter: "Re: LSM Documentation and/or examples"
In reply to: Mark Bainter: "LSM Documentation and/or examples"
Next in thread: Stephen Smalley: "Re: LSM Documentation and/or examples"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, 2005-10-27 at 15:46 -0500, Mark Bainter wrote:
> I'm looking to write a fairly simple (at least at first) module that I
> can use to just log all of the commands root executes on a machine.  I
> think LSM is probably the best way to handle this from what I've read
> so far, but I"m having trouble getting started.

It sounds like you would be better served by using the kernel audit
subsystem instead of writing a LSM for this purpose.  Use a recent 2.6
kernel and audit package, and look at auditctl and auditd.

-- 
Stephen Smalley
National Security Agency

Previous message: Mark Bainter: "Re: LSM Documentation and/or examples"
In reply to: Mark Bainter: "LSM Documentation and/or examples"
Next in thread: Stephen Smalley: "Re: LSM Documentation and/or examples"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Oct 28 2005 - 05:53:02 PDT