[ oops, ommitted the CC line to freebsd-security@ ] May I throw in my two euros?
security.noexec.log_bin: /sbin/trusted_logging_prog security.noexec.log_maxrate: N security.noexec.log_enabled: 0 security.noexec.log_enabled refuses to enable itself unless security.noexec.log_bin exists and has the correct permissions, etc. security.noexec.log_maxrate is the maximum allowed number of logs per second. If this rate is exceeded, wait for a preset grace period and then if logs are still pouring in, stop accepting logs and periodically write a loud WARNING line to the log (this would be watched by something like logcheck to alert the administrator). This would prevent the flood of logging taking out the machine and the grace period should allow enough logging to make sure we know who the culprit was. Of course, this is all theoretical. There's most likely a glaring error or omission... M PS: could this be implemented with the MAC framework somehow? Isn't this sort of thing exactly what it was meant for? -- pgp: http://www.darklogik.org/pub/pgp/pgp.txt 0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43 ----- End forwarded message ----- -- pgp: http://www.darklogik.org/pub/pgp/pgp.txt 0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43
pgpwzxa0GeenN.pgp
Description: PGP signature
