On Sun, Feb 15, 2004 at 04:25:48AM +0700, Jean Christophe André wrote: > > On Sat, Feb 14, 2004 at 01:50:06PM -0600, hanasaki wrote: > > > what package and deamon does the audit of every file executed? > > Selon Jan Minar <Jan.Minar@seznam.cz>: > > RSBAC has such a facility. > > Executing is done by calling execve(2). The section number `2' informs > > us this is a system call. Therefore, such an accounting must be > > kernel-based to be reliable. No daemon/package alone can do the job. > > The current kernel BSD-accounting implementation allows to track processes > execution too. It's enougth for basic investigations and does not need a > kernel re-compile. See the "acct" package. Ah. Thank you for the info. I do stand corrected. -- Jan Minar "Please don't CC me, I'm subscribed." x 9
Attachment:
pgpWN7gayqyOv.pgp
Description: PGP signature