Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support
On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler said:
What are the implications regarding a chroot
environment? I can imagine (although it strikes
me as somewhat insane) an admin wanting to audit
everything that goes on in a chroot environment,
say for a honeypot. The watching would have to
be enabled from outside. Not a bad thing, but is
it what you want?
Well, from where I'm sitting, *if* you buy into the idea of
a honeypot as being sane, you *definitely* want to be able
to enable auditing from "outside".
Attachments:
- attachment.sig (application/pgp-signature — 226 bytes)