tech-security archive
Re: kernel event auditing for NetBSD?
On Mon, Nov 15, 2010 at 04:03:31PM -0600, Jeremy C. Reed wrote:
> On Mon, 15 Nov 2010, Antti Kantee wrote:
>
> > On Mon Nov 15 2010 at 14:48:37 -0600, Jeremy C. Reed wrote:
> > > It has a kernel side (of course) that would be a slow process to add all
> > > the places to report.
> >
> > Can't you (ab)use kauth for that?
>
> Yes, I should have mentioned that. That might be a way to get a great
> start. (From a quick look, I am not sure which, if any, audit class is
> for authorization.)

One very good way to do this would be to write a DTrace provider for
kauth.
--
Thor Lancelot Simon
tls%rek.tjls.com@localhost
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart