On Thu, 8 May 2003, Tina Bird wrote:

> anyone out there using solaris BSM? i need a couple of examples of
> records of root user activity, and damned if i can find any data anywhere.

The 1998/1999 Lincoln Lab data from the DARPA intrusion detection evaluation program includes several simulated weeks of BSM data. You can download that from here:

http://www.ll.mit.edu/IST/ideval/data/data_index.html

(I worked on the project in 1998, but I wasn't working on the basic security module aspect of it.)

It did appear that more people save BSM data than read it; some subset of kernel activity was apparently not being recorded - even with everything turned on. If memory serves me right, this subset included kernel reads and writes...

------
Sam Gorton | Skaion Corporation
sgorton@grey-havens.net | (781) 396-1095
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 17:28:22 PDT