Hosting Provided By

RE: process accounting

From: Avery Buffington <avery.buffington(at)fxfn.com>
Date: Wed May 28 2003 - 11:44:32 EDT

with grsecurity and "CONFIG_GRKERNSEC_EXECLOG" enabled you'll get the command, args, and remote ip logged like:

May 27 16:21:20 HOSTNAME kernel: grsec: From IP_ADDR: exec of /bin/ls (ls --color=tty -a -l -t --color=none ) by (bash:6321) UID(253) EUID(253), parent (bash:17991) UID(253) EUID(253)

This snip is from running: 'ls -a -l -t --color=none' Received on Wed May 28 12:18:58 2003

This message: [ Message body ]
Next message: Axel de Kimpe: "RE: more on linux hardening"
Previous message: Michael E. Smoot: "Re: more on linux hardening (fwd)"
Maybe in reply to: Vladislav Tchernev: "process accounting"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:20 EDT