
[linux-security] Re: You got some 'splaininn to do Lucy ;-)




On 29-Jul-99 Stuart Staniford-Chen wrote:
> 
> System call auditing is much more detailed - every goddamn system call a
> process makes is recorded (well, usually it's configurable exactly what
> system calls are audited).  It is *only* useful for security purposes. 
> Commercial host based IDS systems use it.  And yes, it's mainly useful for
> detecting illegal transitions to root.
> 

Ahem... Actually, I have heard of it being used on some of the HP-UX 10.16
(CMW) machines for debugging. 10.16 is a version of HP-UX that has been
hardened.  CMW is Compartmentalised Mode Workstation, and they are really
intended for use in military situations...  The default levels are things like
Secret, Top Secret...

Essentially, similar information can be obtained by doing an strace on a
process.

Adam

----------------------------------
If this message isn't signed, it probably isn't me.
Adam Morris - Systems Engineer - Onyx Internet

Software, n.:
        Formal evening attire for female computer analysts.

----------------------------------
