Re: [logs] adduser log

From: Bennett Todd (betat_private)
Date: Wed Jan 22 2003 - 07:11:46 PST

  • Next message: Paul D. Robertson: "Re: [logs] adduser log"

    2003-01-21T20:14:20 Paul D. Robertson:
    > So, I could offer up a module that logs all execve() calls to     
    > klogd in a few days (I'd want to test it for 3-4 days continuosly 
    > since it's kernel memory before handing it out,) and you could    
    > play from there, anything else takes more time and research than  
    > I have free at the moment.                                        
    I'd like that. I'd use that. I think that ought to be submitted for
    inclusion in the stock Linux kernel, it's so useful.
    > I'd expect that to generate *lots* of log data though, so it's
    > probably not all that useful.  If we nuked logging /bin/sh it
    > might not be all that horrendous though...
    Why special-case anything. Logging the invoking pid, [e]uid, gids,
    cmd, argv, and env is far, far less work than implementing an exec,
    so the performance impact should be small.

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private

    This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 09:57:37 PST