Subject: Re: Some Ideas about Administrator's life
To: None <tikhonoff@bk.ru>
From: Hubert Feyrer <hubert@feyrer.de>
List: netbsd-advocacy
Date: 01/07/2005 15:15:16

On Thu, 6 Jan 2005, [koi8-r] =E1=CC=C5=CB=D3=C1=CE=C4=D2 =F4=C9=C8=CF=CE=CF=
ff wrote:
> I have a little addition to the structure of NetBSD. As far as I know,
> NetBSD is meant for work with a large number of users and processes.
> Therefore I suggest modifying the interpretation of log files. I am now
> developing a program which allows one to look at some information from
> these files on the basis of rules. These rules are added to the rule
> list by root.
> Finally, if we use this addition, we can sift out much unnecessary
> information and backtrace users' negative actions.

I found a program called 'btail' the other day, which uses Bayesian
filtering for logfiles. Of course with all the learning first, but maybe
that's of interest to you.

It can be found at http://www.vanheusden.com/btail/, and I have a package
for it if you want (uncommitted, and I found the program not interesting
enough to bother maintaining the pkg).


> Moreover, we can now find many rootkits on the Net. Maybe we have the
> possibility to add protection from this trouble?
> What do you think about these ideas?

NetBSD has some file flags like "append only" that could be used for that.
See chflags(1) for more.


  - Hubert

--
NetBSD - Free AND Open!      (And of course secure, portable, yadda yadda)
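
The append-only flag mentioned in the reply above, as an added example that is not part of the original message: a small sh function that reads `ls -lo` output and lists log files whose flags do not include `sappnd`. The sample listing and its file names are constructed, and file names are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example: audit which log files lack the system append-only flag.
# Reads BSD `ls -lo` output on stdin and prints the name of every file
# whose flags column does not include "sappnd".
missing_sappnd() {
    awk '
        # ls -lo columns: mode links owner group flags size mon day time name
        NF >= 10 {
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "sappnd") found = 1
            if (!found) print $10
        }
    '
}

# Constructed sample of `ls -lo /var/log/...` output (not from a real host).
sample_listing() {
    cat <<'EOF'
-rw-------  1 root  wheel  sappnd         48213 Jan  7 15:10 /var/log/authlog
-rw-r--r--  1 root  wheel  -             130522 Jan  7 15:15 /var/log/messages
-rw-r-----  1 root  wheel  sappnd,nodump   9120 Jan  7 14:02 /var/log/secure
-rw-r--r--  1 root  wheel  uappnd          7781 Jan  7 15:01 /var/log/maillog
EOF
}

# uappnd is reported as well: the file owner can clear a user flag, so it
# does not hold once an intruder has become that user or root.
sample_listing | missing_sappnd

# On a live NetBSD system (as root) the flag is set and checked with:
#   chflags sappnd /var/log/authlog
#   ls -lo /var/log/authlog
#   sysctl kern.securelevel   # system flags cannot be removed at level >= 1
# Log rotation has to be planned around this: an append-only file cannot
# be truncated or deleted while the flag is set.
```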