I would like to know about tracing system call in FreeBSD.

2009-04-05 Thread hjung20
Dear,

I have tried to trace system calls using the C language.

I would like to detect privilege escalation through tracing system calls.
Although FreeBSD announced the patch of the telnet daemon to remove malicious access 
to escalate privilege, I would like to implement the detecting program.

My idea is if I detect the change of uid of process then I can recognize the 
privilege escalation.

I would like to get the program guide or document of kernel program of FreeBSD.

Sincerely.



Re: I would like to know about tracing system call in FreeBSD.

2009-04-05 Thread Ivan Voras
hjun...@illinois.edu wrote:
> Dear,
>
> I have tried to trace system calls using the C language.
>
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch of the telnet daemon to remove malicious 
> access to escalate privilege, I would like to implement the detecting program.
>
> My idea is if I detect the change of uid of process then I can recognize the 
> privilege escalation.

Maybe the audit(4) framework will be useful to you.
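
The uid-change idea from the question applied to audit(4) records, as an added example that is not part of either post. It assumes the audit trail was dumped with `praudit -ln` (one record per line, numeric ids) and that the subject token lists auid, euid, egid, ruid, rgid, pid in that order; the sample records are constructed. Legitimate setuid programs such as su produce the same transition, so hits need an allowlist.

```python
# Constructed sample of `praudit -ln` output; not taken from a real system.
SAMPLE = """\
header,88,11,open(2) - read,0,Sun Apr  5 10:00:01 2009, + 120 msec,path,/etc/motd,subject,1001,1001,1001,1001,1001,4242,4200,0,0.0.0.0,return,success,3,trailer,88
header,96,11,execve(2),0,Sun Apr  5 10:00:02 2009, + 300 msec,path,/bin/sh,subject,1001,0,0,1001,1001,4242,4200,0,0.0.0.0,return,success,0,trailer,96
header,88,11,open(2) - read,0,Sun Apr  5 10:00:03 2009, + 10 msec,path,/etc/rc.conf,subject,0,0,0,0,0,5000,5000,0,0.0.0.0,return,success,3,trailer,88
header,60,11,exit(2),0,Sun Apr  5 10:00:04 2009, + 5 msec,subject,1001,0,0,1001,1001,4242,4200,0,0.0.0.0,return,success,0,trailer,60
header,88,11,open(2) - read,0,Sun Apr  5 10:00:09 2009, + 40 msec,path,/etc/motd,subject,1002,1002,1002,1002,1002,4242,4300,0,0.0.0.0,return,success,3,trailer,88
this line is not an audit record
"""


def parse_subject(line):
    """Return event name and subject ids of one record, or None if unparsable."""
    fields = line.strip().split(",")
    try:
        i = fields.index("subject")  # assumed token name in praudit text output
        auid, euid, egid, ruid, rgid, pid = (int(x) for x in fields[i + 1:i + 7])
    except ValueError:  # no subject token, too few fields, or non-numeric id
        return None
    event = fields[3] if fields[0] == "header" and len(fields) > 3 else "?"
    return {"event": event, "auid": auid, "euid": euid, "ruid": ruid, "pid": pid}


def find_uid_transitions(lines):
    """Flag records where a pid's effective uid goes from non-root to root."""
    last_euid = {}  # pid -> effective uid seen in the previous record
    alerts = []
    for line in lines:
        rec = parse_subject(line)
        if rec is None:
            continue
        prev = last_euid.get(rec["pid"])
        if prev is not None and prev != 0 and rec["euid"] == 0:
            alerts.append((rec["pid"], prev, rec["euid"], rec["auid"], rec["event"]))
        if rec["event"].startswith("exit("):
            last_euid.pop(rec["pid"], None)  # forget state so pid reuse is not compared
        else:
            last_euid[rec["pid"]] = rec["euid"]
    return alerts


if __name__ == "__main__":
    for pid, old, new, auid, event in find_uid_transitions(SAMPLE.splitlines()):
        print(f"pid {pid}: euid {old} -> {new} (audit uid {auid}) at {event}")
```

The audit uid stays at the login user's id across the transition, which is what ties a root-owned process back to the account that started it.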


