Date: Thu, 9 Aug 2001 18:35:33 -0500
From: Mike Meyer <mwm@mired.org>
To: Michael Conlen <darthtuttle@yahoo.com>
Cc: questions@freebsd.org
Subject: Re: packaging up a kernel hack
Message-ID: <15219.7749.270865.991829@guru.mired.org>
In-Reply-To: <52533197@toto.iv>

Michael Conlen <darthtuttle@yahoo.com> types:
> Maybe it's because it's late and I've been hacking,
> but I haven't seen a good doc on what to do when you
> have a neat kernel hack you want to share with the
> rest of the world. This hack *needs* an option. Most
> people don't need it, and it will give you BIG log
> files, but I haven't figured out how to create options
> yet. Any doc pointers?

I've seen it on the FreeBSD site, but it looks like you've added
something that mostly already exists.

> Aug 9 03:10:49 eno /kernel: exec: uid:0 pid:353 ->
> pid->354 /usr/local/etc/rc.d/apache.sh start
>
> Now, if you were remotely logging and someone broke in
> to your box, this would be kinda handy methinks.

Yes, but not as handy as the lastcomm command, which is already on the
system. You're saving a slightly different set of information, and I
could see extending the accounting stuff to include some of that
information - particularly the pid and ppid. The full path name and
argument list are both more useful and more problematical.

On the other hand, some of the stuff that accton saves that you don't
is also well worth having, in particular the terminal it started from
and the time the process exited. It also provides a much cleaner
interface than a kernel compile option to start saving data, so that
just leaving it there all the time makes sense. So if I notice someone
has broken in, I just turn it on and it starts logging their
activities.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15219.7749.270865.991829>