Date: Sun, 16 Jan 2000 18:11:33 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Will Andrews <andrews@TECHNOLOGIST.COM>
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: Parent Logging Patch for sh(1)
Message-ID: <Pine.BSF.4.10.10001161810260.80606-100000@hydrant.intranova.net>
In-Reply-To: <XFMail.000116172930.andrews@TECHNOLOGIST.COM>

It becomes helpful when you're backtracking the origin of an intrusion. I'm
logging the parent PID and name that executed 'sh' and there's a second
version that adds a deny list.

Omachonu Ogali
Intranova Networking Group

On Sun, 16 Jan 2000, Will Andrews wrote:

> On 16-Jan-00 Omachonu Ogali wrote:
> > I thought it would benefit those who are security minded. Why shouldn't I
> > have posted it?
>
> How does it help to log the PPID + name of the file? What prompted you to do
> this sort of thing?
>
> --
> Will Andrews <andrews@technologist.com>
> GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w---
> ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+
> G++>+++ e->++++ h! r-->+++ y?
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message