Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support
--- Valdis.Kletnieks(a)vt.edu wrote:
On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler
said:
> What are the implications regarding a chroot
> environment? I can imagine (although it strikes
> me as somewhat insane) an admin wanting to audit
> everything that goes on in a chroot environment,
> say for a honeypot. The watching would have to
> be enabled from outside. Not a bad thing, but is
> it what you want?
Well, from where I'm sitting, *if* you buy into the
idea of
a honeypot as being sane, you *definitely* want to
be able
to enable auditing from "outside".
Clearly. Are there any cases where it makes
sense for it to be done from inside? If not,
looking at "/" might be fine.
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail