Re: I would like to know about tracing system call in FreeBSD.
hjun...@illinois.edu wrote:
> Dear,
>
> I have tried to trace system calls using the C language.
>
> I would like to detect privilege escalation through tracing system calls.
> Although FreeBSD announced the patch of the telnet daemon to remove malicious
> access to escalate privilege, I would like to implement the detecting program.
>
> My idea is if I detect the change of uid of a process then I can recognize the
> privilege escalation.

Maybe the audit(4) framework will be useful to you.
I would like to know about tracing system call in FreeBSD.
Dear,

I have tried to trace system calls using the C language.

I would like to detect privilege escalation through tracing system calls. Although FreeBSD announced the patch of the telnet daemon to remove malicious access to escalate privilege, I would like to implement the detecting program.

My idea is if I detect the change of uid of a process then I can recognize the privilege escalation. I would like to get the program guide or document of kernel programming of FreeBSD.

Sincerely.
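The uid-change idea from the original post, applied to the audit(4) trail suggested in the reply, as an added example that is not part of either message. It assumes records printed one per line in numeric form (as `praudit -ln` does) with the subject token laid out as `subject,auid,euid,egid,ruid,rgid,pid,sid,...`; the function names and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PROCS 64
static struct { long pid, euid; } seen[MAX_PROCS];   /* last euid per pid */
static int nseen;

/* Assumed token layout: subject,auid,euid,egid,ruid,rgid,pid,sid,... */
static int parse_subject(const char *line, long *euid, long *pid)
{
    long auid, egid, ruid, rgid;
    const char *s = strstr(line, ",subject,");
    return s != NULL && sscanf(s, ",subject,%ld,%ld,%ld,%ld,%ld,%ld",
                               &auid, euid, &egid, &ruid, &rgid, pid) == 6;
}

/* Returns 1 when a pid already seen with a non-root euid now shows euid 0. */
int uid_escalated(const char *line)
{
    long euid, pid;
    if (!parse_subject(line, &euid, &pid))
        return 0;
    for (int i = 0; i < nseen; i++) {
        if (seen[i].pid != pid)
            continue;
        int hit = seen[i].euid != 0 && euid == 0;
        seen[i].euid = euid;
        return hit;
    }
    if (nseen < MAX_PROCS) {          /* first sighting: remember, no alert */
        seen[nseen].pid = pid;
        seen[nseen++].euid = euid;
    }
    return 0;
}

/* Constructed, abbreviated sample records; not captured from a real system. */
static const char *SAMPLE[] = {
    "header,90,11,open(2),0,subject,1001,1001,1001,1001,1001,700,650,0,0.0.0.0,return,success,3",
    "header,90,11,open(2),0,subject,0,0,0,0,0,701,651,0,0.0.0.0,return,success,3",
    "header,90,11,setuid(2),0,subject,1001,1001,1001,1001,1001,700,650,0,0.0.0.0,return,success,0",
    "header,90,11,open(2),0,subject,1001,0,0,0,0,700,650,0,0.0.0.0,return,success,3",
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        printf("record %zu: %s\n", i, uid_escalated(SAMPLE[i]) ? "ALERT" : "ok");
    return 0;
}
```

A setuid program such as su(1) legitimately produces the same transition, so a real detector needs an allowlist of expected cases, and it should drop a pid from the table when the process exits so that pid reuse does not cause false alerts.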