From owner-freebsd-security Fri Sep 17 23:33:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 6CB8814C0D for ; Fri, 17 Sep 1999 23:33:36 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id XAA50642; Fri, 17 Sep 1999 23:33:10 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909180633.XAA50642@gndrsh.dnsmgr.net> Subject: Re: BPF on in 3.3-RC GENERIC kernel In-Reply-To: <2091.937636119@localhost> from "Jordan K. Hubbard" at "Sep 17, 1999 11:28:39 pm" To: jkh@zippy.cdrom.com (Jordan K. Hubbard) Date: Fri, 17 Sep 1999 23:33:10 -0700 (PDT) Cc: imp@village.org (Warner Losh), wes@softweyr.com (Wes Peters), brett@lariat.org (Brett Glass), security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm surprised nobody has brought up /dev/audit and the whole Digital > Unix approach to security (OS-level event monitoring and active > counter-measures). It's not like there aren't a number of existing > examples to choose from when debating a "better course" of action. Can you give me an ISBN number or Digital Press title that would have the details about Digital Unix's implementation of /dev/audit? I've had the fortanate experience of not having to work on any modern Digital OS's (last was VMS 5.0 and Ultrix 3.x). I wonder if /dev/audit is lifted right out of VMS's SYS$AUDIT:. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message