Re: library/executable image

From: Fabrice MARIE (fabriceat_private)
Date: Sun Mar 23 2003 - 22:00:23 PST

Next message: Martin Mačok: "Re: Detecting abnormal behaviour"

Previous message: Jose Nazario: "Re: Detecting abnormal behaviour"
In reply to: Adrian S: "library/executable image"
Next in thread: Adam Gilmore: "RE: library/executable image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday 24 March 2003 01:47, Adrian S wrote:
> Hi,
> Other than identifying the path & PID, what is the other proactive  way
> to detect unauthorised execution of library/executable image ?

On Linux, install RSBAC: http://www.rsbac.org/
You can _enforce_ and/or _detect_ it's up to you.
On other unix, they have similar stuff.

Have a nice day,

Fabrice.
--
Fabrice MARIE

"Silly hacker, root is for administrators"
       -Unknown

Next message: Martin Mačok: "Re: Detecting abnormal behaviour"
Previous message: Jose Nazario: "Re: Detecting abnormal behaviour"
In reply to: Adrian S: "library/executable image"
Next in thread: Adam Gilmore: "RE: library/executable image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 10:08:43 PST