
[linux-security] Re: You got some 'splaininn to do Lucy ;-)



> 
> 
> "R. DuFresne" wrote:
> > 
> > I don't know, isn't process auditing more useful for insiders doing hacks
> > to the system than outsiders?  Process auditing is one way time shared
> > systems track usage data so as to help charge effectively, and to track
> > buggy apps and those insiders trying to hack up to a user level they are
> > not given on the system.
> 
> There are two different systems - almost all Unix[-like] systems (inc Redhat)

<snip>

> 
> System call auditing is much more detailed - every goddamn system call a
> process makes is recorded (well, usually it's configurable exactly what
> system calls are audited).  It is *only* useful for security purposes. 

Nix.

I've used equivalent information on OS/VS (pre MVS) to summarise 
system-call usage & disk accesses as an aid to tuning computer systems and 
applications. It's very useful knowing which files are taking the hits; 
they can be moved to different drives or (on OS/VS) made adjacent on the 
disk.

Knowing what system calls were being used, we could make intelligent 
decisions about those that had to be in fixed or virtual storage, or could 
be loaded from disk on demand.

Security in those days (punched cards) was effected by locks on doors.


I suspect that this logging on Unix was driven by similar needs.


-- 
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.


