why reinvent the wheel? systrace for linux exists:

http://www.citi.umich.edu/u/provos/systrace/linux.html

you simply permit all things and permit with logging on execve calls. you have to systrace wrap everything, tho, but it's not that hard to do. you launch any parent shell/process with systrace and any children will inherit. we've been doing this for a while on bsd and it's a nice system.

also, BSD adduser logs. rmuser doesn't tho :/ (C code vs perl script.) maybe steal from there.

___________________________
jose nazario, ph.d. joseat_private
http://www.monkey.org/~jose/
This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 11:12:48 PST