kang | 16 Jan 11:41 2007

Re: logging command arguments

Hrvoje Marjanovic wrote:
> Hello,
>
> I am wondering if it is possible to log complete commands (together with 
> arguments) with RSBAC.
>
> When I log EXECUTE events on FILE target. I get the events logged, but 
> arguments are not logged, only command path, user, pid etc.
>
> Grsecurity has such a feature, but I don't think it is possible to patch 
> kernel with both grsecurity and rsbac.
>
> Hrvoje
>   

It requires some hand patching but several people have successfully
patched kernels with both RSBAC and GrSecurity (1).
Note that a lot of functionality from GrSec's RBAC will overlap however.
Additionally, I am not aware of any of the patches being available online.

kang

1) http://www.rsbac.org/pipermail/rsbac/2005-August/001615.html

Gmane