16 Jan 2007 11:41
Re: logging command arguments
kang <kang <at> rsbac.org>
2007-01-16 10:41:41 GMT
2007-01-16 10:41:41 GMT
Hrvoje Marjanovic wrote: > Hello, > > I am wondering if it is possible to log complete commands (together with > arguments) with RSBAC. > > When I log EXECUTE events on FILE target. I get the events logged, but > arguments are not logged, only command path, user, pid etc. > > Grsecurity has such a feature, but I don't think it is possible to patch > kernel with both grsecurity and rsbac. > > Hrvoje > It requires some hand patching but several people have successfully patched kernels with both RSBAC and GrSecurity (1). Note that a lot of functionality from GrSec's RBAC will overlap however. Additionally, I am not aware of any of the patches being available online. kang 1) http://www.rsbac.org/pipermail/rsbac/2005-August/001615.html
RSS Feed