Brad Powell wrote:
>
>
> Richard,
>         have you thought about putting your statistic gathering wrapper in
> something like ld.so or libc?
> (assuming dynamic linking; which most OS's have now-a-days)
>
> Makes life much easier. I toyed with the same idea but for a different
> purpose. I wanted a "tripwire" built into things like outgoing telnet
> and simple things like "ps" since we often see bad-guys running these
> programs.
> I just wanted to have a log of when user "bin" or "daemon" ran a ps(1)
> an ls(1) or whatever. :-)
>
> ld.so seemed like a good place since you could leave the standard programs
> intact, and do the info-gathering or logging from there.
>
> just a thought :-)
>
> =======================================================================
> Brad Powell : brad.powell@Sun.COM       |
>                                         |
> Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI
> ENS Network Security Group              | and Consultant
> Sun Microsystems Inc.                   |
> =======================================================================
>         The views expressed are those of the author and may
>         not reflect the views of Sun Microsystems Inc.
> =======================================================================
>

Just a thought - what happens when your "bad guy" brings in (cleverly
named) statically linked programs?

--
+-------------------------------+---------------------------------------+
| Rafi Sadowsky                 | rafi@tavor.openu.ac.il                |
| Comp.Sci. dept                |-[also postmaster@openu.ac.il]---------+
| Open University of Israel     | Voice: +972-3-6460592                 |
| Tel-Aviv, Israel              | Fax:   +972-3-6460483                 |
+-------------------------------+---------------------------------------+
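
The gap raised in the reply can be audited: a logging hook placed in ld.so only sees ELF images that carry a PT_INTERP program header, because that header is what makes the kernel hand the program to the dynamic linker. The following is an added example, not code from this thread; the function names and the constructed sample headers are assumptions made for illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3  # p_type values from the ELF spec

def program_header_types(data):
    """Return the p_type of each program header, or None if not a usable ELF."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF":
        return None
    endian = {1: "<", 2: ">"}.get(data[5])        # EI_DATA
    if endian is None or data[4] not in (1, 2):   # EI_CLASS
        return None
    if data[4] == 2:                              # ELFCLASS64
        if len(data) < 0x40:
            return None
        (phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
    else:                                         # ELFCLASS32
        (phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    types = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return None                           # truncated or malformed
        types.append(struct.unpack_from(endian + "I", data, off)[0])
    return types

def covered_by_ldso_hook(data):
    """True: kernel hands the image to ld.so. False: static. None: not ELF."""
    types = program_header_types(data)
    return None if types is None else PT_INTERP in types

def make_elf64(ptypes):
    """Constructed sample: minimal little-endian ELF64 header plus phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(ptypes), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    # Usage: script.py FILE...  (reads only the first 64 KiB of each file)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = covered_by_ldso_hook(fh.read(65536))
        label = {True: "dynamic", False: "STATIC", None: "not-elf"}[verdict]
        print(f"{label}\t{path}")
```

Files reported as STATIC never pass through ld.so, so logging for them has to come from somewhere else, such as process accounting or kernel-level exec auditing.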