Re: kernel event auditing for NetBSD?

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: kernel event auditing for NetBSD?
From: Brett Lymn <blymn%baea.com.au@localhost>
Date: Tue, 16 Nov 2010 15:00:51 +1030

On Mon, Nov 15, 2010 at 05:12:26PM -0500, Thor Lancelot Simon wrote:
> 
> One very good way to do this would be to write a DTrace provider for
> kauth.
> 

Only if our implementation of DTrace does not merrily drop events.  In
solaris the recommendation is to _never_ use DTrace for security
related monitoring/enforcement because events get dropped when the
buffer fills.

-- 
Brett Lymn
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

Follow-Ups:
- Re: kernel event auditing for NetBSD?
  - From: Thor Lancelot Simon

References:
- kernel event auditing for NetBSD?
  - From: Jeremy C. Reed
- Re: kernel event auditing for NetBSD?
  - From: Antti Kantee
- Re: kernel event auditing for NetBSD?
  - From: Jeremy C. Reed
- Re: kernel event auditing for NetBSD?
  - From: Thor Lancelot Simon

Prev by Date: Re: kernel event auditing for NetBSD?
Next by Date: Re: kernel event auditing for NetBSD?
Previous by Thread: Re: kernel event auditing for NetBSD?
Next by Thread: Re: kernel event auditing for NetBSD?
Indexes:

Home | Main Index | Thread Index | Old Index