From owner-freebsd-security Mon Sep 20 8:50:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from forced.attrition.org (attrition.org [198.77.217.13])
    by hub.freebsd.org (Postfix) with ESMTP id D709115A8A
    for ; Mon, 20 Sep 1999 08:50:07 -0700 (PDT)
    (envelope-from jobe@attrition.org)
Received: from localhost (jobe@localhost)
    by forced.attrition.org (8.9.3/0.0.1.beta.nospam) with SMTP id IAA28351;
    Mon, 20 Sep 1999 08:53:42 -0600
Date: Mon, 20 Sep 1999 08:53:41 -0600 (MDT)
From: Jobe
To: Robert Watson
Cc: ark@eltex.ru, freebsd@gndrsh.dnsmgr.net, security@FreeBSD.ORG
Subject: Re: Real-time alarms
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Damn it Rob, you're taking all the fun out of my kernel projects =)

I'd still like to write this up for my own daemonic educational purposes.
Also it will give me something to kill time. Who knows, maybe you'll even
see something you like in my diffs ;).

When in doubt go with my ultimate philosophy on life as we know it,
"Fear not, stranger things have happened."

--Jobe

On Mon, 20 Sep 1999, Robert Watson wrote:

>
> I'd advise against developing any more codebases for auditing--we already
> have two :-). I have a /dev/audit, submission of records from a number of
> syscalls, an auditd + IDS interface, and some log management code. Nate's
> folk are working on a better kernel interface and implementation, as was
> discussed on freebsd-security in July (please see archive for details).
> My userland library currently supports most of the posix.1e audit
> interface spec, and I have a set of posix.1e extensions for IDS modules.
> My hope is to adapt my auditd to speak Nate's kernel improvements, but
> continue to provide a standard interface and useful tools/etc.
>
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services