Date: Sun, 12 Dec 1999 20:16:56 +0100 From: Borja Marcos <borjamar@sarenet.es> To: freebsd-security@freebsd.org Subject: Logging and security Message-ID: <3853F4A8.D32AF81B@sarenet.es>
next in thread | raw e-mail | index | archive | help
Hello, This is my first day in this list, so greetings to all :-) One of the areas which need attention in FreeBSD is event logging. Logging is essential for good security, as detection of exploitation of unknown security holes often depends on logging. I have noticed that attempts to execute a program from a filesystem mounted as "noexec" aren't logged, and they could provide useful security information provided filesystems such as /tmp or /var are mounted as "noexec". I have sent a patch for kern_exec.c which logs these attempts (look at it as PR (really change request) kern/15435 in the GNATS database. It logs them as "notice" messages. Are you aware of other interesting events? Putting some work into this would (in my opinion) greatly enhance FreeBSD security. Regards, Borja. -- *********************************************************************** Borja Marcos * Internet: borjamar@sarenet.es Alangoeta, 11 1 izq * borjam@we.lc.ehu.es 48990 - Algorta (Vizcaya) * borjam@well.com SPAIN * *********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3853F4A8.D32AF81B>