Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support

Tuesday, 25 January 2005

--- Valdis.Kletnieks(a)vt.edu wrote:

...
 On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler
 said:

 > What are the implications regarding a chroot
 > environment? I can imagine (although it strikes
 > me as somewhat insane) an admin wanting to audit
 > everything that goes on in a chroot environment,
 > say for a honeypot. The watching would have to
 > be enabled from outside. Not a bad thing, but is
 > it what you want?

 Well, from where I'm sitting, *if* you buy into the
 idea of
 a honeypot as being sane, you *definitely* want to
 be able
 to enable auditing from "outside". 
Clearly. Are there any cases where it makes
sense for it to be done from inside? If not,
looking at "/" might be fine.

=====
Casey Schaufler
casey(a)schaufler-ca.com

__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support