[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support

--- Valdis Kletnieks vt edu wrote:

> On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler
> said:
> > What are the implications regarding a chroot
> > environment? I can imagine (although it strikes
> > me as somewhat insane) an admin wanting to audit
> > everything that goes on in a chroot environment,
> > say for a honeypot. The watching would have to
> > be enabled from outside. Not a bad thing, but is
> > it what you want?
> Well, from where I'm sitting, *if* you buy into the
> idea of
> a honeypot as being sane, you *definitely* want to
> be able
> to enable auditing from "outside".

Clearly. Are there any cases where it makes
sense for it to be done from inside? If not,
looking at "/" might be fine.

Casey Schaufler
casey schaufler-ca com

Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]