Subject: Re: Core Dump as an Intrusion Event
From: Daniel Roesen (droesenENTIRE-SYSTEMS.COM)
Date: Tue Oct 10 2000 - 03:59:15 CDT


On Sun, Oct 08, 2000 at 10:41:05PM +0300, Jarno Huuskonen wrote:
> What about adding some code so it can be controlled thru the proc filesystem?
> Like enabling/disabling logging, log only certain programs etc.
> (echo 1 > /proc/sys/kernel/core-logging)
> Does this sound feasible/sensible?

I'm working on this. Logging of coredumps (names core.<processname>.<pid>)
to syslog (via klogd) is already in place; it just needs the sysctl
interface.

Best regards,
Daniel

--
----------------------------------------------------------------------
entire systems GmbH         | droesenentire-systems.com
Internet Services           | Phone: +49 2624 9550-55
Ferbachstrasse 12           | Fax:   +49 2624 9550-20
D-56203 Hoehr-Grenzhausen   | http://www.entire-systems.com/
----------------------------------------------------------------------