Layering an IDS on Linux - prepwork

Steve G linux_4ever at yahoo.com
Mon Aug 6 00:30:54 UTC 2007


> It would even be nice if there was an "A program dumped core. Can I send a
> backtrace to the distro vendor?" program that would allow fedora (and others) to get
> statistical information about where the most common crashes happen.

That would be easy to add as a plugin to the audit event dispatcher. All it would
have to do is filter on the ANOM_ABEND event type and then do further analysis.
There is an example filter program here: /usr/share/doc/audit-1.5.6/skeleton.c
that could be used as the basis for this kind of tool.

Right now the audit event dispatcher only supports one plugin. audispd is being
rewritten so that many plugins could be written besides setroubleshoot that do
realtime analysis of events.

-Steve
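As an added example (not code from the original post, and not the audit project's skeleton.c), the filter Steve describes written in Python: an audispd plugin receives audit records on its standard input, one per line, so this script reads stdin the same way, keeps only records whose type is ANOM_ABEND, and tallies them by crashing program and signal. The SAMPLE_EVENTS lines are constructed in the style of audit records; their exact field set is an assumption, since the fields emitted for ANOM_ABEND vary by kernel and audit version.

```python
"""Filter ANOM_ABEND records out of an audit event stream and tally them.

Added example, not from the original post or the audit project. An audispd
plugin reads audit records on stdin, one record per line; this script does the
same. SAMPLE_EVENTS is constructed input in the style of audit records and its
field layout is an assumption.
"""
import re
import sys
from collections import Counter

# Constructed sample input: non-crash records mixed with ANOM_ABEND ones.
SAMPLE_EVENTS = """\
type=SYSCALL msg=audit(1186359054.100:101): arch=c000003e syscall=59 success=yes exit=0 pid=4321 comm="evince"
type=ANOM_ABEND msg=audit(1186359054.123:102): auid=500 uid=500 gid=500 ses=1 pid=4321 comm="evince" sig=11
type=USER_LOGIN msg=audit(1186359058.000:103): user pid=4400 uid=0 auid=500 acct="steve" res=success
type=ANOM_ABEND msg=audit(1186359060.500:104): auid=500 uid=500 gid=500 ses=1 pid=4330 comm="evince" sig=11
type=ANOM_ABEND msg=audit(1186359070.000:105): auid=501 uid=501 gid=501 ses=2 pid=5000 comm="firefox-bin" sig=6
type=ANOM_ABEND msg=audit(1186359080.000:106): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=77 comm="sshd" sig=11
"""

# "type=X msg=audit(SECONDS.MILLIS:SERIAL): key=value key="quoted value" ..."
HEADER_RE = re.compile(r'^type=(\S+)\s+msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Only the signals that normally mean "the process crashed" are named here.
SIGNAL_NAMES = {4: "SIGILL", 6: "SIGABRT", 7: "SIGBUS", 8: "SIGFPE", 11: "SIGSEGV"}


def parse_record(line):
    """Split one raw audit record into a dict; return None for non-records."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "type": m.group(1),
        "time": int(m.group(2)) + int(m.group(3)) / 1000.0,
        "serial": int(m.group(4)),
    }
    for key, value in FIELD_RE.findall(m.group(5)):
        rec[key] = value.strip('"')
    return rec


def is_abend(rec):
    """True only for parsed records of the ANOM_ABEND type."""
    return rec is not None and rec.get("type") == "ANOM_ABEND"


def summarize_abends(lines):
    """Count ANOM_ABEND records by (program name, signal name)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if not is_abend(rec):
            continue  # everything that is not a crash record is dropped here
        try:
            signum = int(rec.get("sig", "0"))
        except ValueError:
            signum = 0
        signame = SIGNAL_NAMES.get(signum, "SIG%d" % signum)
        counts[(rec.get("comm", "?"), signame)] += 1
    return counts


def top_crashes(counts, n=10):
    """The n most frequent (program, signal) pairs with their counts."""
    return counts.most_common(n)


def main(stream=None):
    # With no piped input, fall back to the constructed sample so the script
    # does something useful when run by hand.
    if stream is None:
        stream = SAMPLE_EVENTS.splitlines() if sys.stdin.isatty() else sys.stdin
    counts = summarize_abends(stream)
    for (comm, signame), n in top_crashes(counts):
        print("%5d  %s (%s)" % (n, comm, signame))


if __name__ == "__main__":
    main()
```

Fed raw records, e.g. `ausearch -m ANOM_ABEND | python3 abend_filter.py`, the separator and `time->` lines ausearch prints do not match HEADER_RE and are ignored; the same filter logic would sit in a C plugin's read loop in place of skeleton.c's pass-through.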






More information about the fedora-devel-list mailing list