Re: How to intercept sys_exit()...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 08, 2004 at 07:17:17PM +0900, aq wrote:
> 
> I meant that in order to implement your method, auditd must be
> compiled into the kernel. So far very few kernels from vendors support
> auditd out of the box.

Both Red hat and SuSE have this (or similar) on for sure

> Then the user must recompile the kernel
> themselves to support auditd --> I think that is not always desired.

if the user wants auditing... why not?
having a dodgy module doing a syscall override is actually more insecure ;)

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/


[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux