[2189] in linux-security and linux-alert archive
[linux-security] Re: You got some 'splaininn to do Lucy ;-)
daemon@ATHENA.MIT.EDU (John Summerfield)
Sat Jul 31 03:54:04 1999
To: linux-security@redhat.com
In-Reply-To: Your message of "Thu, 29 Jul 1999 15:25:08 MST."
<37A0D4C4.27C87701@SiliconDefense.com>
Date: Sat, 31 Jul 1999 07:40:08 +0800
From: John Summerfield <summer@OS2.ami.com.au>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
>
>
> "R. DuFresne" wrote:
> >
> > I don't know, isn't process auditing more useful for insiders doing hacks
> > to the system than outsiders? Process auditing is one way time shared
> > systems track usage data so as to help charge effectively, and to track
> > buggy apps and those insiders trying to hack up to a user level they are
> > not given on the system.
>
> There's two different systems - almost all Unix[-like] systems (inc Redhat)
<snip>
>
> System call auditing is much more detailed - every goddamn system call a
> process makes is recorded (well, usually it's configurable exactly what
> system calls are audited). It is *only* useful for security purposes.
Nix.
I've used equivalent information on OS/VS (pre MVS) to summarise
system-call usage & disk accesses as an aid to tuning computer systems and
applications. It's very useful knowing which files are taking the hits;
they can be moved to different drives or (on OS/VS) made adjacent on the
disk.
Knowing what system calls were being used, we could make intelligent
decisions about those that had to be in fixed or virtual storage, or could
be loaded from disk on demand.
Security in those days (punched cards) was effected by locks on doors.
I suspect that this logging on Unix was driven by similar needs.
--
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.