« Some access control stuffs | Main | Redefining key binding of Screen to avoid conflicts with Emacs »
February 25, 2006
Kernel auditing
inotify
Then there're some people at Redhat that developed the kernel auditing subsystem.
http://www.uniforum.chi.il.us/slides/HardeningLinux/LAuS-Design.pdf
http://lxr.linux.no/search?string=audit
http://syn.cs.pdx.edu/wiki/index.php/Light_weight_auditing_framework
https://www.redhat.com/archives/linux-audit/2004-August/msg00002.html
And some user space utilities released with SELinux, RHEL & Fedora Core:
http://people.redhat.com/sgrubb/audit/
http://rpmfind.net//linux/RPM/fedora/devel/i386/audit-1.1.4-5.1.i386.html
A third party patch that looks to have nice UI:
http://www.intersectalliance.com/projects/Snare/
Posted by Roy at February 25, 2006 02:03 PM