Re: Unix command-line _arguement_ signatures

Brad Powell (Brad.Powell@ebay.sun.com)
Tue, 13 Sep 94 09:45:47 PDT

>You want the vendor to do it right by capturing the relevant data as close to
>the kernel as possible.

Possibly in ld.so?  :-)

This is (sort of) related to work I've been doing, but for a different
reason. :-)

I'm looking to be able to capture/log information about command
usage.

Things like when user "daemon" or "bin" uses telnet(1) or ls(1), I want
to *know* about it.

Tracking intrusions is the main reason for this sort of "tripwire" program.

I also want the ability to wrapper programs against an access control list
on a user-by-user basis. e.g. user "bpowell" is allowed to use ps(1)
but user "foo" isn't.

Putting it into ld.so has the advantage of being able to leave the "generic"
programs intact.

just a thought,

=======================================================================
Brad Powell : brad.powell@Sun.COM        | 
                                         |
Full Time: Sr. Network Security Analyst  |Part time: Cyberspace PI
           ENS Network Security Group    |           and Consultant
           Sun Microsystems Inc.         |
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================
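
Added example, not part of the original message: a minimal C sketch of the wrapper-style check described above (per-user, per-program ACL with default deny, plus a syslog record that flags system accounts such as "daemon" and "bin"). The ACL format, the function names and the sample policy are assumptions made for illustration; it does not implement the ld.so hook.

```c
/* Added example, not from the original post; ACL format, names and data are assumed. */
#include <string.h>
#include <syslog.h>

/* Constructed sample policy: one "program:user,user,..." entry per line. */
static const char SAMPLE_ACL[] = "ps:bpowell,root\ntelnet:bpowell\n";
/* System accounts whose command use is always logged at warning level. */
static const char *WATCHED[] = { "daemon", "bin", NULL };

/* 1 if `user` is an exact member of the comma-separated span [list, end). */
static int in_list(const char *list, const char *end, const char *user) {
    size_t ulen = strlen(user);
    while (list < end) {
        const char *comma = memchr(list, ',', (size_t)(end - list));
        const char *stop = comma ? comma : end;
        if ((size_t)(stop - list) == ulen && memcmp(list, user, ulen) == 0)
            return 1;
        list = stop + 1;
    }
    return 0;
}

/* Default deny: 1 only when a line for exactly `prog` names `user`. */
int acl_allows(const char *acl, const char *prog, const char *user) {
    size_t plen = strlen(prog);
    while (*acl) {
        const char *eol = acl + strcspn(acl, "\n");
        if ((size_t)(eol - acl) > plen && acl[plen] == ':' &&
            strncmp(acl, prog, plen) == 0 && in_list(acl + plen + 1, eol, user))
            return 1;
        acl = *eol ? eol + 1 : eol;
    }
    return 0;
}

int is_watched(const char *user) {
    for (int i = 0; WATCHED[i]; i++)
        if (strcmp(WATCHED[i], user) == 0) return 1;
    return 0;
}

/* Log every attempt, then decide; a wrapper would execv() the untouched binary on 1. */
int audit_and_decide(const char *acl, const char *prog, const char *user) {
    int ok = acl_allows(acl, prog, user);
    syslog((is_watched(user) || !ok) ? LOG_WARNING : LOG_INFO,
           "cmd=%s user=%s decision=%s", prog, user, ok ? "allow" : "deny");
    return ok;
}
int main(void) { return !audit_and_decide(SAMPLE_ACL, "ps", "bpowell"); }
```

In a real wrapper the user name would come from getpwuid(getuid()) rather than the environment, and the ACL file would be writable only by root.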