Date: Sun, 12 Dec 1999 20:16:56 +0100
From: Borja Marcos
To: freebsd-security@freebsd.org
Subject: Logging and security

Hello,

This is my first day in this list, so greetings to all :-)

One of the areas which need attention in FreeBSD is event logging. Logging is essential for good security, as detection of exploitation of unknown security holes often depends on logging.

I have noticed that attempts to execute a program from a filesystem mounted as "noexec" aren't logged, and they could provide useful security information provided filesystems such as /tmp or /var are mounted as "noexec".

I have sent a patch for kern_exec.c which logs these attempts (look at it as PR (really change request) kern/15435 in the GNATS database). It logs them as "notice" messages.

Are you aware of other interesting events? Putting some work into this would (in my opinion) greatly enhance FreeBSD security.

Regards,

Borja.
--
***********************************************************************
Borja Marcos                    * Internet: borjamar@sarenet.es
Alangoeta, 11 1 izq             *           borjam@we.lc.ehu.es
48990 - Algorta (Vizcaya)       *           borjam@well.com
SPAIN                           *
***********************************************************************