[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support



--- Valdis Kletnieks vt edu wrote:

> On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler
> said:
> 
> > What are the implications regarding a chroot
> > environment? I can imagine (although it strikes
> > me as somewhat insane) an admin wanting to audit
> > everything that goes on in a chroot environment,
> > say for a honeypot. The watching would have to
> > be enabled from outside. Not a bad thing, but is
> > it what you want?
> 
> Well, from where I'm sitting, *if* you buy into the
> idea of
> a honeypot as being sane, you *definitely* want to
> be able
> to enable auditing from "outside".

Clearly. Are there any cases where it makes
sense for it to be done from inside? If not,
looking at "/" might be fine.


=====
Casey Schaufler
casey schaufler-ca com


		
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]