Date: Wed, 15 Oct 1997 17:44:04 +0100
From: njs3@doc.ic.ac.uk (Niall Smart)
To: Brian Mitchell <brian@firehouse.net>
Cc: c@doc.ic.ac.uk, hackers@freebsd.org
Subject: Re: Question about file opens
Message-ID: <E0xLWYH-0007cs-00@oak73.doc.ic.ac.uk>

> On Wed, 15 Oct 1997, Charles Green wrote:
>
> > For a project I'm working on we're interested in tracking file opens,
> > and are interested in the best way of tracking them. Any ideas? Or is it
> > impossible without modifying the kernel?
>
> There are two ways, auditing (which FreeBSD doesn't have yet - see
> http://shell.firehouse.net/~brian/bsdc2audit for preliminary driver) or
> modifying the libc stubs. You could also use a preloaded shared lib to do
> it without rebuilding libc, if you wanted to.

It's probably worth noting that if the auditing is for security-related
purposes then modifying the libc stubs is worse than useless because the
system calls can be called directly by the hacker without libc.

Niall
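The limitation described in the reply above, as an added example that is not part of the original message: a user-space hook on `open()` records opens made through the stub, but an open that enters the kernel directly produces no record, which is why security auditing has to be done in the kernel. The program-local `open` definition stands in for a modified libc stub or preloaded library; the function and counter names are hypothetical, and a Linux-style `SYS_openat` and an existing `/dev/null` are assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of opens the user-space hook has recorded (hypothetical name). */
static int audited_opens = 0;

/* Stand-in for a modified libc stub or preloaded library: calls to open()
 * made by this program resolve to this definition instead of libc's. */
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if (flags & O_CREAT) {          /* mode is only passed with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    audited_opens++;                /* the "audit record" */
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}

/* Open path through the hooked stub; return the number of audit records
 * that the open produced, or -1 if the open failed. */
int records_for_stub_open(const char *path)
{
    int before = audited_opens;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    close(fd);
    return audited_opens - before;
}

/* Open path by issuing the system call directly, never touching the stub;
 * return the number of audit records produced, or -1 if the open failed. */
int records_for_direct_syscall(const char *path)
{
    int before = audited_opens;
    int fd = (int)syscall(SYS_openat, AT_FDCWD, path, O_RDONLY, 0);
    if (fd < 0) return -1;
    close(fd);
    return audited_opens - before;
}

int main(void)
{
    printf("stub open:      %d record(s)\n", records_for_stub_open("/dev/null"));
    printf("direct syscall: %d record(s)\n", records_for_direct_syscall("/dev/null"));
    return 0;
}
```

Both opens succeed, but only the first is counted; a statically linked binary or one using inline assembly behaves like the second path.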