Date: Mon, 11 Mar 2002 14:02:21 -0600 From: "Guy Helmer" <ghelmer@palisadesys.com> To: "Jeff Jirsa" <jjirsa@hmc.edu>, <freebsd-hackers@FreeBSD.ORG> Subject: RE: logging securelevel violations Message-ID: <FPEBKMIFGFHCGLLKBLMMOEGOCAAA.ghelmer@palisadesys.com> In-Reply-To: <002001c1c936$c25ff4d0$5e3bad86@boredom>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeff Jirsa wrote: > I've noticed that currently, violations of securelevel are > aborted, but not > typically logged. It seems like in addition to aborting whichever > calls are > in progress, logging an error might be beneficial. I recognize that this > goes along the same lines as logging file permission errors, but if a file > is marked immutable, the implicit value of the file should > suggest that one > might want to be able to audit attempted changes to that file. I think this would be useful, but I would be concerned about the rate at which these messages could come when someone is actively attacking a system. Perhaps such messages could go through a rate limiter mechanism similar to that now used by the network interfaces. I am not certain whether this addition would affect the TrustedBSD work, either. Guy Helmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FPEBKMIFGFHCGLLKBLMMOEGOCAAA.ghelmer>