I've installed your patch. Works really great. Thanks very very much for it.
Have a nice day
MK
----- Original Message -----
From: "ober" <[EMAIL PROTECTED]>
To: "Ted Unangst" <[EMAIL PROTECTED]>
Cc: "MK" <[EMAIL PROTECTED]>; <misc@openbsd.org>
Sent: Tuesday, December 27, 2005 7:33 PM
Subject: Re: How to log all entered commands?
MK, try it now.
http://www.linbsd.org/log_execve.38.patch
Thanks to Ted for pointing out the not so obvious
mistakes in it.
Thanks.
-Ober
On Mon, 26 Dec 2005, Ted Unangst wrote:
On 12/25/05, ober <[EMAIL PROTECTED]> wrote:
Here is a patch, probably something you want to test before using on
a production box.
http://www.linbsd.org/log_execve.38.patch
It logs commands to syslog like this:
EXECVE: uid:1000 fullpath:/bin/ls command:ls foo
EXECVE: uid:1000 fullpath:/sbin/dmesg command:dmesg
EXECVE: uid:1000 fullpath:/usr/bin/touch command:touch fff
Accessing a user pointer from the kernel is an easy denial of service attack.
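
Added example, not part of the thread or of the patch: a Python parser for the EXECVE line format quoted above, grouping commands per uid and marking records where argv[0] does not match the executed path. It assumes the command field is argv joined with single spaces, as the samples suggest; the syslog prefix and the last three sample lines are constructed.

```python
import re
from collections import namedtuple
from os.path import basename

ExecRecord = namedtuple("ExecRecord", "uid fullpath argv argv0_mismatch")

# Anchored on the literal field labels. fullpath is non-greedy, so the first
# " command:" ends it; a path that itself contains " command:" is ambiguous
# in this format and cannot be recovered.
EXECVE_RE = re.compile(r"EXECVE: uid:(\d+) fullpath:(.+?) command:(.*)$")

def parse_execve(line):
    """Return an ExecRecord for an EXECVE log line, or None for other lines."""
    m = EXECVE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    uid, fullpath, command = int(m.group(1)), m.group(2), m.group(3)
    # Assumption: command is argv joined with single spaces, so an argument
    # containing a space cannot be told apart from two arguments.
    argv = command.split(" ") if command else []
    # argv[0] is chosen by the caller, fullpath is what was executed.
    # Login shells conventionally prefix argv[0] with "-", so strip it.
    mismatch = not argv or basename(argv[0].lstrip("-")) != basename(fullpath)
    return ExecRecord(uid, fullpath, argv, mismatch)

def commands_by_uid(lines):
    """Group parsed records by uid, ignoring unrelated syslog lines."""
    out = {}
    for line in lines:
        rec = parse_execve(line)
        if rec is not None:
            out.setdefault(rec.uid, []).append(rec)
    return out

# Constructed sample: the "Dec 27 ... host /bsd:" prefix is invented, and the
# last three lines do not come from the thread.
SAMPLE = [
    "Dec 27 19:40:01 host /bsd: EXECVE: uid:1000 fullpath:/bin/ls command:ls foo",
    "Dec 27 19:40:02 host /bsd: EXECVE: uid:1000 fullpath:/sbin/dmesg command:dmesg",
    "Dec 27 19:40:03 host /bsd: EXECVE: uid:1000 fullpath:/usr/bin/touch command:touch fff",
    "Dec 27 19:40:09 host ntpd[4242]: adjusting local clock",
    "Dec 27 19:41:00 host /bsd: EXECVE: uid:1001 fullpath:/bin/sh command:-sh",
    "Dec 27 19:41:05 host /bsd: EXECVE: uid:1001 fullpath:/usr/bin/perl command:worker --queue jobs",
]
```

A mismatch is only a hint for review, since interpreters and multi-call binaries legitimately run under other names.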