Thanks. I have enabled system accounting.
acct(5) seems to be limited by the fact that it is triggered on process
exit, doesn't contain the process ID or parent process ID and can only
store 10 characters for the command name.
ktrace could work, but it's far too slow without limiting syscalls
rec
Recently a machine running OpenBSD 6.8 had its configuration changed and I
believe it to have been subject to a malicious attack.
This change is completely unexplainable, compromised security, and would
have required root access.
The log files reveal nothing out of the ordinary except for wtmp
So you want to ktrace your entire system, with a limited set of
monitors.
I've played with this before, to identify specific behaviours
when developing pledge. It required a large number of hacks,
and the performance was dismal.
Based upon my experience, I predict it will not work for your usage.
man accton
James wrote:
> Recently a machine running OpenBSD 6.8 had its configuration changed and I
> believe it to have been subject to a malicious attack.
>
> This change is completely unexplainable, compromised security, and would
> have required root access.
>
> The log files reveal noth