From owner-freebsd-security Sat Sep 18 19: 4:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 903C714DD1 for ; Sat, 18 Sep 1999 19:04:14 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 2.12 #2) id 11SWKr-000431-00; Sat, 18 Sep 1999 20:04:13 -0600 Message-ID: <37E4449B.ADDD68EE@softweyr.com> Date: Sat, 18 Sep 1999 20:04:11 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Brett Glass Cc: "Rodney W. Grimes" , Warner Losh , security@FreeBSD.ORG Subject: Re: Real-time alarms References: <199909180612.AAA00597@harmony.village.org> <4.2.0.58.19990918093306.047917c0@localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett Glass wrote: > > At 11:24 PM 9/17/99 -0700, Rodney W. Grimes wrote: > > > Real time alarms if someone even _tries_ > >to modify a schg file is what is missing... someone turning off > >schg on a file is another thing missing... or accessing the disk > >through the raw device to reset the bit, etc, etc... > > I like this idea a LOT. This is what we're talking about with the auditing facility. There are a lot of architectural issues to be solved, starting with "what is an alarm" and ending with "how do I securely transmit the alarms to those who need to know about them"? Fun stuff, eh? -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message