Subject: Re: Core Dump as an Intrusion Event
From: Kev (klmitch MIT.EDU)
Date: Fri Oct 06 2000 - 09:08:15 CDT
- Next message: Michael Wojcik: "Re: Core Dump as an Intrusion Event"
- Previous message: Talisker: "Re: tornkit"
- In reply to: Eclipse, Solar: "Re: Core Dump as an Intrusion Event"
- Next in thread: antirez: "Re: Core Dump as an Intrusion Event"
- Next in thread: Michael Wojcik: "Re: Core Dump as an Intrusion Event"
- Reply: Kev: "Re: Core Dump as an Intrusion Event"
> A better solution would be a kernel patch that hooks into the SIGSEGV
> signal handler and logs all segmentation faults. A predefined list of
> programs can be monitored. Maybe it's feasible to log segfaults of all
> root processes.
Only if you combine the latter with the former; many daemons setuid(),
say to user nobody, but you still want to be able to detect intrusion
attempts.
-- Kevin L. Mitchell <klmitchmit.edu>