Re: [logs] adduser log

From: Bennett Todd (betat_private)
Date: Wed Jan 22 2003 - 07:11:46 PST

    2003-01-21T20:14:20 Paul D. Robertson:
    > So, I could offer up a module that logs all execve() calls to
    > klogd in a few days (I'd want to test it for 3-4 days continuously
    > since it's kernel memory before handing it out,) and you could
    > play from there, anything else takes more time and research than
    > I have free at the moment.
    
    I'd like that. I'd use that. I think that ought to be submitted for
    inclusion in the stock Linux kernel, it's so useful.
    
    > I'd expect that to generate *lots* of log data though, so it's
    > probably not all that useful.  If we nuked logging /bin/sh it
    > might not be all that horrendous though...
    
    Why special-case anything? Logging the invoking pid, [e]uid, gids,
    cmd, argv, and env is far, far less work than implementing an exec,
    so the performance impact should be small.
    
    -Bennett
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis



    This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 09:57:37 PST