
Re: Layering an IDS on Linux - prepwork



> It would even be nice if there was a "a program dumped core. Can I send a
> backtrace to the distro vendor?" program that would allow fedora (and others)
> to get statistical information about where the most common crashes happen.

That would be easy to add as a plugin to the audit event dispatcher. All it would
have to do is filter on the ANOM_ABEND event type and then do further analysis.
There is an example filter program here: /usr/share/doc/audit-1.5.6/skeleton.c
that could be used as the basis for this kind of tool. 

Right now the audit event dispatcher only supports one plugin. audispd is being
rewritten so that many plugins besides setroubleshoot could be written that do
real-time analysis of events.

-Steve
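The filter Steve describes, written out as an added example. This is not skeleton.c and not the audit project's code; it assumes the plugin is handed one text audit record per line on stdin and leaves out the binary dispatcher header handling that skeleton.c does. It picks ANOM_ABEND records out of the stream, pulls the pid, comm, exe and signal a crash-statistics tool would want, and skips every other event type. The sample records are constructed for the example, not captured from a real system.

```c
/* Added example, not the audit project's code and not skeleton.c: an
 * ANOM_ABEND filter of the kind the message describes.  Assumption: the
 * plugin receives one text audit record per line on stdin (the binary
 * dispatcher header that skeleton.c handles is left out). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields a crash-statistics tool would want from one ANOM_ABEND record. */
struct abend {
    long pid;
    int  sig;          /* signal that killed the process, 11 = SIGSEGV */
    char comm[64];
    char exe[256];
};

/* Constructed sample input (not captured from a real system), one record
 * per line in the audit text format.  The SYSCALL line is there to show
 * the filter passing over unrelated event types. */
const char *const SAMPLE[] = {
    "type=ANOM_ABEND msg=audit(1184166000.101:2001): auid=500 uid=500 gid=500 "
    "ses=1 pid=4212 comm=\"gedit\" exe=\"/usr/bin/gedit\" sig=11",
    "type=SYSCALL msg=audit(1184166000.102:2002): arch=40000003 syscall=5 "
    "success=yes exit=3 ppid=1 pid=4213 auid=500 uid=500 comm=\"bash\" exe=\"/bin/bash\"",
    "type=ANOM_ABEND msg=audit(1184166001.300:2003): auid=500 uid=500 gid=500 "
    "ses=1 pid=4301 comm=\"firefox-bin\" exe=\"/usr/lib/firefox/firefox-bin\" sig=6",
};
const size_t SAMPLE_LEN = sizeof SAMPLE / sizeof SAMPLE[0];

/* Copy the value of key=value or key="value" into out.  The key must be
 * preceded by a space (or start the record) so "pid" does not match
 * inside "ppid" and "uid" does not match inside "auid".  Returns 1 if found. */
static int get_field(const char *rec, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = rec;

    while ((p = strstr(p, key)) != NULL) {
        if ((p == rec || p[-1] == ' ') && p[klen] == '=') {
            const char *v = p + klen + 1, *end;
            if (*v == '"') {
                v++;
                end = strchr(v, '"');
                if (end == NULL)
                    return 0;          /* unterminated quote: treat as absent */
            } else {
                end = v + strcspn(v, " \n");
            }
            size_t n = (size_t)(end - v);
            if (n >= outlen)
                n = outlen - 1;        /* truncate rather than overflow */
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* Return 1 and fill *a if rec is an ANOM_ABEND record, 0 for anything else. */
int parse_abend(const char *rec, struct abend *a)
{
    char buf[32];

    if (!get_field(rec, "type", buf, sizeof buf) || strcmp(buf, "ANOM_ABEND") != 0)
        return 0;
    memset(a, 0, sizeof *a);
    if (get_field(rec, "pid", buf, sizeof buf))
        a->pid = strtol(buf, NULL, 10);
    if (get_field(rec, "sig", buf, sizeof buf))
        a->sig = (int)strtol(buf, NULL, 10);
    get_field(rec, "comm", a->comm, sizeof a->comm);
    get_field(rec, "exe", a->exe, sizeof a->exe);
    return 1;
}

/* Signal number of an ANOM_ABEND record, or -1 if rec is some other type. */
int abend_sig(const char *rec)
{
    struct abend a;
    return parse_abend(rec, &a) ? a.sig : -1;
}

/* Number of ANOM_ABEND records among n lines. */
int count_abends(const char *const *lines, size_t n)
{
    struct abend a;
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += parse_abend(lines[i], &a);
    return total;
}

/* Plugin entry point: audispd feeds records on stdin; report each crash. */
int main(void)
{
    char line[8192];
    struct abend a;

    while (fgets(line, sizeof line, stdin) != NULL)
        if (parse_abend(line, &a))
            printf("abend pid=%ld comm=%s exe=%s sig=%d\n", a.pid, a.comm, a.exe, a.sig);
    return 0;
}
```

Fed the three sample records, the program reports the two crashes and says nothing about the SYSCALL line. A real version would aggregate by exe and signal over time rather than print each record, and should rate-limit or drop anything it cannot parse so a malformed record cannot wedge the dispatcher.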


       
____________________________________________________________________________________
Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow  

