From owner-freebsd-security Fri Sep 17 23:29:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
    by hub.freebsd.org (Postfix) with ESMTP id 5BB79152F0
    for ; Fri, 17 Sep 1999 23:29:45 -0700 (PDT)
    (envelope-from jkh@zippy.cdrom.com)
Received: from localhost (jkh@localhost [127.0.0.1])
    by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id XAA02095;
    Fri, 17 Sep 1999 23:28:39 -0700 (PDT)
    (envelope-from jkh@zippy.cdrom.com)
To: "Rodney W. Grimes"
Cc: imp@village.org (Warner Losh), wes@softweyr.com (Wes Peters), brett@lariat.org (Brett Glass), security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
In-reply-to: Your message of "Fri, 17 Sep 1999 23:24:07 PDT." <199909180624.XAA50611@gndrsh.dnsmgr.net>
Date: Fri, 17 Sep 1999 23:28:39 -0700
Message-ID: <2091.937636119@localhost>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm surprised nobody has brought up /dev/audit and the whole Digital Unix approach to security (OS-level event monitoring and active counter-measures). It's not like there aren't a number of existing examples to choose from when debating a "better course" of action.

- Jordan