Re: Unix command-line _arguement_ signatures

Rafi Sadowsky (rafi@tavor.openu.ac.il)
Sat, 17 Sep 1994 22:54:22 +0200 (IST)

Brad Powell wrote:
> 
> 
> Richard,
> have you thought about putting your statistic gathering wrapper in 
> something like ld.so or libc? 
> (assuming dynamic linking; which most OS's have now-a-days)
> 
> Makes life much easier. I toyed with the same idea but for a different
> purpose. I wanted a "tripwire" built into things like outgoing telnet
> and simple things like "ps" since we often see bad-guys running these
> programs.
> I just wanted to have a log of when user "bin" or "daemon" ran a ps(1)
> an ls(1) or whatever. :-)
> 
> ld.so seemed like a good place since you could leave the standard programs
> intact, and do the info-gathering or logging from there.
> 
> just a thought :-)
> 
> =======================================================================
> Brad Powell : brad.powell@Sun.COM        | 
>                                          |
> Full Time: Sr. Network Security Analyst  |Part time: Cyberspace PI
>            ENS Network Security Group    |           and Consultant
>            Sun Microsystems Inc.         |
> =======================================================================
>                The views expressed are those of the author and may
>                   not reflect the views of Sun Microsystems Inc.
> =======================================================================
> 
Just a thought - what happens when your "bad guy" brings in
(cleverly named) statically linked programs?


-- 
+-------------------------------+---------------------------------------+
| Rafi Sadowsky                 | rafi@tavor.openu.ac.il                |
| Comp.Sci. dept                |-[also postmaster@openu.ac.il]---------+
| Open University of Israel     | Voice: +972-3-6460592                 |
| Tel-Aviv, Israel              | Fax:   +972-3-6460483                 |
+-------------------------------+---------------------------------------+
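
Added example, not part of the original messages: a defender-side check for the gap raised in the reply, flagging executables that would never pass through an instrumented dynamic linker because they carry no PT_INTERP header (statically linked) or name a different interpreter. It assumes ELF binaries; the function names, the default linker path and the sample images are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program header that names the dynamic linker to load
# EI_CLASS -> (word format, offsets of e_phoff, e_phentsize, p_offset, p_filesz)
LAYOUT = {1: ("I", 28, 42, 4, 16), 2: ("Q", 32, 54, 8, 32)}

def elf_interpreter(data: bytes):
    """PT_INTERP path of an ELF image; "" if it has none (static);
    None if the bytes are not a parseable ELF file."""
    if len(data) < 16 or data[:4] != b"\x7fELF" or data[4] not in LAYOUT:
        return None
    word, phoff_at, phent_at, poff_at, pfsz_at = LAYOUT[data[4]]
    end = "<" if data[5] == 1 else ">"          # EI_DATA byte order
    try:
        phoff, = struct.unpack_from(end + word, data, phoff_at)
        phentsize, phnum = struct.unpack_from(end + "HH", data, phent_at)
        for i in range(phnum):
            off = phoff + i * phentsize
            p_type, = struct.unpack_from(end + "I", data, off)
            if p_type == PT_INTERP:
                p_offset, = struct.unpack_from(end + word, data, off + poff_at)
                p_filesz, = struct.unpack_from(end + word, data, off + pfsz_at)
                path = data[p_offset:p_offset + p_filesz]
                return path.rstrip(b"\0").decode("latin-1")
    except struct.error:                        # truncated or corrupt headers
        return None
    return ""

def bypasses_hook(data: bytes, instrumented=("/lib64/ld-linux-x86-64.so.2",)):
    """True if running this ELF never enters an instrumented linker
    (the default path is an assumed placeholder for the hooked ld.so)."""
    interp = elf_interpreter(data)
    return interp is not None and interp not in instrumented

def sample_elf64(interp: bytes = b"") -> bytes:
    """Constructed minimal ELF64 image: one PT_LOAD, plus PT_INTERP if given."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 2 if interp else 1, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, 0, 0, 0x1000)
    if not interp:
        return ehdr + load
    n = len(interp) + 1                         # path plus its NUL terminator
    ip = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 64 + 2 * 56, 0, 0, n, n, 1)
    return ehdr + load + ip + interp + b"\0"
```

The check keys on PT_INTERP rather than PT_DYNAMIC because a static PIE binary has a dynamic section yet is still loaded without ld.so.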