
Re: commandlogging



On Mon, Mar 05, 2001 at 09:12:36AM -0500, Steve M. Robbins wrote:
> There is a package "snoopy" that uses a preloaded shared library to
> log each "exec()" call before performing it.  If it is not yet in
> Debian, you can get a package from
> 
> 	deb-src http://www.punknews.org/debian ./

 If someone wanted to, they could run commands without them getting logged
by snoopy.  All you need to do is statically link the program that calls exec.
It would probably be easy to put a printk in the kernel's execve() handler,
though, and AFAIK that would get everything.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
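
The limitation described in this message can be audited from the defender's side: `LD_PRELOAD` is honoured by the dynamic loader, so an ELF file with no `PT_INTERP` segment (fully static, or static-PIE) never loads a preloaded logging library. The Python below is an added example, not part of the original message or of snoopy; the function names and the constructed ELF64 test image are assumptions for illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3  # p_type values from the ELF spec

def segment_types(data):
    """Return the p_type of every program header in an ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    end = "<" if data[5] == 1 else ">"
    try:
        if data[4] == 2:  # ELFCLASS64: e_phoff at 32, e_phentsize/e_phnum at 54
            phoff, = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:             # ELFCLASS32: e_phoff at 28, e_phentsize/e_phnum at 42
            phoff, = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        # p_type is the first 32-bit word of a program header in both classes
        return [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                for i in range(phnum)]
    except (struct.error, OverflowError):
        raise ValueError("truncated ELF header or program header table")

def preload_can_hook(data):
    """True if the kernel hands this image to a dynamic loader (PT_INTERP)."""
    return PT_INTERP in segment_types(data)

def make_elf64(ptypes):
    """Constructed minimal little-endian ELF64 image with the given segments."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # 16-byte e_ident
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                        64, 56, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    # Usage: python3 this_file.py /usr/local/bin/* (paths are the caller's choice)
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            try:
                hooked = preload_can_hook(f.read())
            except ValueError as err:
                print(f"{path}: skipped ({err})")
                continue
        print(f"{path}: " + ("dynamic, preload logging applies" if hooked
                             else "no PT_INTERP, preload logging is bypassed"))
```

Binaries it flags are the ones that need kernel-side exec logging, as the message suggests, to be covered at all.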


