Dan Shimshoni wrote:
> Is there a way to write an application/a kernel module which will
> notice when a process named "xyz" starts?

Partially, so - for old enough Linux versions (that is prior to 2.6.24)
you can implement an LSM (Linux Security Module) module.
You can still use LSM for newer kernels also, but you'll have to
statically compile the module into the kernel.
See the following example of implementing an LSM module:
http://www.linuxjournal.com/article/6279

> For example, I want to be able to notice when a user starts a process
> named "calc" (by running calc, or whatever other unspecified command)
> and print this notification to a file (or to kernel log).
> My assumption is that I know **nothing** about that process besides its
> name, "xyz"; I don't know anything about which ports it uses (if at all),
> I don't know the files it uses (if at all), etc. All I know is ***just***
> the process name.

You do realize, I hope, how not useful this is, right? It is trivial to
rename "xyz" to "zyx" and run it, thus evading whatever logging you had
in mind.
Cheers,
Gilad
--
Gilad Ben-Yossef
Chief Coffee Drinker
Codefidence Ltd.
The code is free, your time isn't.(TM)
Web: http://codefidence.com
Email: [EMAIL PROTECTED]
Office: +972-8-9316883 ext. 201
Fax: +972-8-9316885
Mobile: +972-52-8260388
Q: How many NSA agents does it take to replace a lightbulb?
A: dSva7DrYiY24yeTItKyyogFXD5gRuoRqPNQ9v6WCLLywZPINlu!