Re: Layering an IDS on Linux - prepwork

> It would even be nice if there was a "a program dumped core. Can I send a
> backtrace to the distro vendor?" program that would allow fedora (and others)
> to get statistical information about where the most common crashes happen.

That would be easy to add as a plugin to the audit event dispatcher. All it would
have to do is filter on the ANOM_ABEND event type and then do further analysis.
There is an example filter program here: /usr/share/doc/audit-1.5.6/skeleton.c
that could be used as the basis for this kind of tool. 

Right now the audit event dispatcher only supports one plugin. audispd is being
rewritten so that many plugins could be written besides setroubleshoot that do
realtime analysis of events.

-Steve


       

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
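
The ANOM_ABEND filter described in the message above, as an added example (not part of the original post and not the audit package's skeleton.c). It assumes the dispatcher delivers one text-format audit record per line; the struct, the function names and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct abend { char exe[256], comm[64]; int sig, pid; };
/* Constructed sample records, not taken from a real system. */
static const char *SAMPLE[] = {
    "type=SYSCALL msg=audit(1180000000.100:41): syscall=5 pid=2101 comm=\"cat\" exe=\"/bin/cat\"\n",
    "type=ANOM_ABEND msg=audit(1180000000.200:42): auid=500 uid=500 pid=2107 comm=\"demo\" exe=\"/usr/bin/demo\" sig=11\n",
};

/* Copy the value of key= into out, minus quotes; 1 if found. The key must start
   the record or follow a space, so "pid" never matches inside "ppid". */
static int field(const char *rec, const char *key, char *out, size_t n)
{
    size_t klen = strlen(key), i = 0;
    for (const char *p = rec; (p = strstr(p, key)) != NULL; p += klen) {
        if ((p != rec && p[-1] != ' ') || p[klen] != '=') continue;
        p += klen + 1;
        char end = (*p == '"') ? *p++ : ' ';
        while (*p && *p != end && *p != '\n' && i + 1 < n) out[i++] = *p++;
        out[i] = '\0';
        return 1;
    }
    return 0;
}

/* Fill *a and return 1 only for ANOM_ABEND records; anything else returns 0. */
int parse_abend(const char *rec, struct abend *a)
{
    char type[32], num[16];
    if (!field(rec, "type", type, sizeof type) || strcmp(type, "ANOM_ABEND")) return 0;
    memset(a, 0, sizeof *a);               /* absent fields stay empty or zero */
    field(rec, "exe", a->exe, sizeof a->exe);
    field(rec, "comm", a->comm, sizeof a->comm);
    if (field(rec, "sig", num, sizeof num)) a->sig = atoi(num);
    if (field(rec, "pid", num, sizeof num)) a->pid = atoi(num);
    return 1;
}

int main(void)
{
    struct abend a;
    /* Replays SAMPLE so it runs offline; a plugin would fgets() records from stdin. */
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        if (parse_abend(SAMPLE[i], &a))
            printf("crash comm=%s exe=%s sig=%d pid=%d\n", a.comm, a.exe, a.sig, a.pid);
    return 0;
}
```

The kernel hex-encodes `comm` and `exe` values that contain spaces or control characters instead of quoting them, so a reporting tool should decode those before aggregating by program name.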
