Date: Sat, 18 Sep 1999 09:37:13 -0600
From: Brett Glass <brett@lariat.org>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: imp@village.org (Warner Losh), wes@softweyr.com (Wes Peters), security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
Message-ID: <4.2.0.58.19990918093413.047ff570@localhost>
In-Reply-To: <2091.937636119@localhost>
References: <Your message of "Fri, 17 Sep 1999 23:24:07 PDT." <199909180624.XAA50611@gndrsh.dnsmgr.net>

DEC's /dev/audit was the way they got Orange Book Class C certification, IIRC. As I understand it, though, it produced so many logs that you needed a separate gigabyte volume to hold them all on an active system!

It would be worthwhile to look into a version of this, and also Sun's stuff (which was also used to get Class C). If FreeBSD could get Class C certification, it would open up an amazing number of doors.

--Brett

At 11:28 PM 9/17/99 -0700, Jordan K. Hubbard wrote:

>I'm surprised nobody has brought up /dev/audit and the whole Digital
>Unix approach to security (OS-level event monitoring and active
>counter-measures). It's not like there aren't a number of existing
>examples to choose from when debating a "better course" of action.
>
>- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990918093413.047ff570>