Subject: security / kernel event logging for future netbsd?
To: None <current-users@NetBSD.org>
From: Tariq Rashid <firstname.lastname@example.org>
Date: 06/13/2005 12:22:09
hi - i'm currently looking at fine-grained kernel/security event logging
mechanisms for netbsd ...
* i'm looking at systems like Solaris's BSM.
* linux seems to only have the SNARE extensions, and SELinux logging
doesn't seem to be something that people use.
* *BSD doesn't seem to have a standard system for this. someone is
implementing a BSM-like system for freebsd called trustedbsd but it's still
very new and only the 6-current has some of this uploaded.
the level of detail required is quite high - syscalls, socket and file
are there plans for something like this for netbsd?
the eventual aim is to process logs (in real-time, not off-line) to enforce
security measures at an application level (against profiles of known good
it's currently only a research project - but that's what netbsd is for!