Date: Mon, 20 Sep 1999 08:53:41 -0600 (MDT) From: Jobe <jobe@attrition.org> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: ark@eltex.ru, freebsd@gndrsh.dnsmgr.net, security@FreeBSD.ORG Subject: Re: Real-time alarms Message-ID: <Pine.LNX.3.96.990920085058.13128R-100000@forced.attrition.org> In-Reply-To: <Pine.BSF.3.96.990920112110.42321B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Damn it Rob, you're taking all the fun out of my kernel projects =) I'd still like to write this up for my own daemonic educational purposes. Also it will give me something to kill time. Who knows, maybe you'll even see something you like in my diffs ;). When in doubt go with my ultimate philosophy on life as we know it, "Fear not, stranger things have happened." --Jobe On Mon, 20 Sep 1999, Robert Watson wrote: > > I'd advise against developing any more codebases for auditing--we already > have two :-). I have a /dev/audit, submission of records from a number of > syscalls, an auditd + IDS interface, and some log management code. Nate's > folk are working on a better kernel interface and implementation, as was > discussed on freebsd-security in July (please see archive for details). > My userland library currently supports most of the posix.1e audit > interface spec, and I have a set of posix.1e extensions for IDS modules. > My hope is to adapt my auditd to speak Nate's kernel improvements, but > continue to provide a standard interface and useful tools/etc. > > Robert N M Watson > > robert@fledge.watson.org http://www.watson.org/~robert/ > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 > TIS Labs at Network Associates, Safeport Network Services > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.990920085058.13128R-100000>