From: Chris Wright <chrisw@osdl.org>
To: Bob Bennett <Robert.Bennett2@ca.com>
Cc: apkm@osdl.org, linux-kernel@vger.kernel.org,
	kgem-devel@lists.sourceforge.net
Subject: Re: [ANNOUNCE] Kernel Generalized Event Management
Date: Mon, 30 Aug 2004 15:39:42 -0700	[thread overview]
Message-ID: <20040830153942.C1973@build.pdx.osdl.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0408301738310.22919@benro02lx.ca.com>; from Robert.Bennett2@ca.com on Mon, Aug 30, 2004 at 06:06:29PM -0400

* Bob Bennett (Robert.Bennett2@ca.com) wrote:
> KGEM is available for download from http://sf.net/projects/kgem as a patch
> against kernel 2.6.8.1 and as a gzipped tar file containing the source and 
> documentation.  The components may be built either as kernel loadable modules
> or as part of the base.
> 
> I have included a hook plugin module designed to be used with an anti-virus
> realtime scanner application, whose purpose is to check files as they are 
> being opened or executed, to make sure they are not infected.  This module 
> defines five events; open, execve, close, fork, and exit.  It registers with
> LSM to get control and generate these events.

So, why so much patch to do what's already available in the kernel?  With
LSM, plus audit, you can generate events that userspace can consume via
netlink w/out this /proc stuff, and sys_call_table symbol lookup stuff,
the kernel hooks, etc.

How about starting by showing exactly what pieces are missing in the
kernel?  This looks like things that can easily be done using existing
infrastructure.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
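Added example, not part of this thread or of KGEM: the netlink framing a userspace consumer has to walk when it reads audit records from a NETLINK_AUDIT socket, the existing path Chris points to. The buffer is constructed here by build_sample() with made-up field values (no kernel involved); the names audit_rec, parse_audit_records, append_record and build_sample are chosen for this example, while the AUDIT_* types and NLMSG_* macros are the real ones from linux/audit.h and linux/netlink.h.

```c
/* Parse netlink-framed audit records as a userspace consumer does after recv() on a NETLINK_AUDIT socket. */
#include <linux/audit.h>
#include <linux/netlink.h>
#include <string.h>

/* One decoded record: AUDIT_* type from nlmsg_type, plus its "key=value ..." text, NUL-terminated */
struct audit_rec { unsigned type; char text[128]; };

/* Parse every complete netlink message in buf[0..len) into out[]; returns the count. */
size_t parse_audit_records(const unsigned char *buf, size_t len, struct audit_rec *out, size_t max)
{
    const struct nlmsghdr *nlh = (const struct nlmsghdr *)buf;
    int remaining = (int)len;   /* NLMSG_OK/NLMSG_NEXT expect a signed length */
    size_t n = 0;
    /* NLMSG_OK rejects a truncated header and a declared length that overruns the buffer */
    for (; NLMSG_OK(nlh, remaining) && n < max; nlh = NLMSG_NEXT(nlh, remaining)) {
        if (nlh->nlmsg_type == NLMSG_ERROR || nlh->nlmsg_type == NLMSG_DONE)
            continue;                        /* control messages, not audit records */
        size_t plen = nlh->nlmsg_len - NLMSG_HDRLEN;
        if (plen >= sizeof out[n].text)
            plen = sizeof out[n].text - 1;   /* truncate rather than overflow */
        out[n].type = nlh->nlmsg_type;
        memcpy(out[n].text, NLMSG_DATA(nlh), plen);
        out[n].text[plen] = '\0';
        n++;
    }
    return n;
}

/* Append one record to buf; returns the new used length, or 0 if it does not fit. */
size_t append_record(unsigned char *buf, size_t used, size_t cap, unsigned type, const char *text)
{
    size_t plen = strlen(text), need = NLMSG_SPACE(plen);
    if (used + need > cap)
        return 0;
    struct nlmsghdr *nlh = (struct nlmsghdr *)(buf + used);
    memset(nlh, 0, need);                    /* zero the header and the alignment padding */
    nlh->nlmsg_len = NLMSG_LENGTH(plen);
    nlh->nlmsg_type = type;
    memcpy(NLMSG_DATA(nlh), text, plen);
    return used + need;
}

/* Constructed sample (made-up values): one execve event as SYSCALL + PATH records, then the end-of-event marker. */
static unsigned char sample[512] __attribute__((aligned(4)));
size_t build_sample(void)
{
    size_t used = append_record(sample, 0, sizeof sample, AUDIT_SYSCALL, "audit(1093900000.123:42): arch=40000003 syscall=11 success=yes exit=0 pid=1234 uid=500 comm=\"sh\" exe=\"/bin/sh\"");
    used = append_record(sample, used, sizeof sample, AUDIT_PATH, "audit(1093900000.123:42): item=0 name=\"/usr/bin/example\" inode=123 dev=08:01 mode=0100755");
    used = append_record(sample, used, sizeof sample, AUDIT_EOE, "audit(1093900000.123:42): ");
    return used;
}
```

A real consumer feeds recv() output into parse_audit_records() and groups records by the serial after the timestamp until it sees AUDIT_EOE; a partial last message is simply left for the next read.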
