[rsbac] logging command arguments
Amon Ott
ao at rsbac.org
Tue Jan 9 09:46:00 CET 2007
On Donnerstag 04 Januar 2007 19:40, Hrvoje Marjanovic wrote:
> I am wondering if it is possible to log complete commands (together
with
> arguments) with RSBAC.
>
> When I log EXECUTE events on FILE target. I get the events logged,
but
> arguments are not logged, only command path, user, pid etc.
>
> Grsecurity has such a feature, but I don't think it is possible to
patch
> kernel with both grsecurity and rsbac.
We discussed this idea some time ago, but decided not to log the
arguments. They blow up the logs significantly, produce extra
overhead and are seldom needed. If you convince us that it is a
necessary feature, we can add it as an option.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list