* [ANN] Linux Event Dispatcher
@ 2006-01-21  0:57 Junji Kanemaru
  0 siblings, 0 replies; 2+ messages in thread
From: Junji Kanemaru @ 2006-01-21  0:57 UTC (permalink / raw)
  To: SELinux

Hi,

I'm pleased to announce that Linux Event Dispatcher version 1.0 beta is
now ready for download.
I thought some people on this list might be interested in this so I'm
posting this. It would be multi-posting. If so, I'm very sorry for the bandwidth.

Led is a realtime event filtering framework for Linux systems that handles any
system events on the fly.
You can register actions for particular events such as access violations and
login failures in realtime with led. The events can be fed via syslogd,
auditd, ulogd of netfilter and any other sources too.

This is a preliminary release for people to review. The base framework is
pretty much done except for plugins. I'd need some help from people out there
to write more plugins.
Any comments and requests are welcome   :)  

You can download led from: http://www.linuon.com/

[Brief Introduction]

First of all, Linux Event Dispatcher, or led for short, is NOT a replacement
for other traditional logging and filtering systems. Instead led gets fed events
from them.
The main goal of led is to handle system events in realtime and take action on
the events on the fly.

For example, you can have filters for critical events from the kernel audit system
and set up detailed actions for each event, such as an avc violation and an
unexpected write operation on /var/www/html/index.html.
You may pick an action for each event: either shut down the system immediately, or
block the http port temporarily and recover the whole web contents, etc. At the same
time you can check who did it, ban him/her from the host if he/she is on
localhost, and report it to you right away...
You would be able to do such things with led.

Normally most administrators won't realize an attack until they get some
error or look into the logwatch report email carefully. It might be too late.
You could have restrictive settings to keep the risk to a minimum but you can't block
ports entirely.  As long as you are opening ports to the public there's risk, so how
fast you can notice an error and recover from a compromise is the key...

For more info please go to http://www.linuon.com/

Thanks,
--  Junji Kanemaru
-- 
Junji Kanemaru
Linuon Inc.
Tokyo Japan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
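
The event-to-action dispatch described in this announcement, sketched as an added example; it is not led's code, configuration format or plugin API, none of which appear in the post. The rule names, action labels, the 3-failures-in-60-seconds threshold and the sample events are all assumptions, and actions are only recorded, never executed.

```python
import re
from collections import defaultdict, deque

class Dispatcher:
    def __init__(self):
        self.rules, self.fired = [], []      # fired: (timestamp, action, fields)
    def register(self, pattern, action, when=lambda ts, f: True):
        self.rules.append((re.compile(pattern), when, action))
    def feed(self, ts, line):
        for rx, when, action in self.rules:
            m = rx.search(line)
            if m and when(ts, m.groupdict()):
                self.fired.append((ts, action, m.groupdict()))  # recorded, not executed

def threshold(key, count, window):
    # True once `count` matches share the same `key` value within `window` seconds.
    seen = defaultdict(deque)
    def when(ts, fields):
        q = seen[fields[key]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) < count:
            return False
        q.clear()                            # re-arm: one burst, one action
        return True
    return when

# AVC records carry only the file's basename in name=, so the rule also checks the target type.
AVC = (r'avc:\s+denied\s+\{ (?P<perm>[^}]+)\} for .*comm="(?P<comm>[^"]+)"'
       r'.*name="(?P<name>[^"]+)".*tcontext=[^:]+:[^:]+:(?P<ttype>\w+)')
SSH = r'sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)'

def run(events):
    d = Dispatcher()
    d.register(AVC, "alert-and-restore-content", lambda ts, f: "write" in f["perm"].split()
               and f["name"] == "index.html" and f["ttype"] == "httpd_sys_content_t")
    d.register(SSH, "block-source-temporarily", threshold("src", 3, 60))
    for ts, line in events:
        d.feed(ts, line)
    return [(ts, action) for ts, action, _ in d.fired]

# Constructed sample events as (epoch seconds, line); not real logs.
AVC_LINE = ('type=AVC msg=audit(%d.1:41): avc:  denied  { %s } for  pid=2112 comm="httpd" '
            'name="index.html" dev=sda1 ino=9 scontext=system_u:system_r:httpd_t '
            'tcontext=system_u:object_r:httpd_sys_content_t tclass=file')
SSH_LINE = 'Jan 21 00:57:01 web1 sshd[801]: Failed password for invalid user admin from %s port 22 ssh2'
SAMPLE = sorted([(1000, AVC_LINE % (1000, "read")), (1001, AVC_LINE % (1001, "write"))]
                + [(t, SSH_LINE % "192.0.2.10") for t in (1010, 1020, 1025, 2000)]
                + [(1030, SSH_LINE % "198.51.100.7")])
```

`run(SAMPLE)` yields one action for the denied write and one for the burst of three failures from the same source; the denied read, the single failure from another address and the late isolated failure produce nothing.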

* [ANN] Linux Event Dispatcher
@ 2006-01-20 14:38 Junji Kanemaru
  0 siblings, 0 replies; 2+ messages in thread
From: Junji Kanemaru @ 2006-01-20 14:38 UTC (permalink / raw)
  To: linux-audit, SELinux

Hi,

I'm pleased to announce that Linux Event Dispatcher version 1.0 beta is
now ready for download.
I thought some people on this list might be interested in this so I'm
posting this. It would be multi-posting. If so, I'm very sorry for the bandwidth.

Led is a realtime event filtering framework for Linux systems that handles any
system events on the fly.
You can register actions for particular events such as access violations and
login failures in realtime with led. The events can be fed via syslogd,
auditd, ulogd of netfilter and any other sources too.

This is a preliminary release for people to review. The base framework is
pretty much done except for plugins. I'd need some help from people out there
to write more plugins.
Any comments and requests are welcome  :) 

You can download led from: http://www.linuon.com/

[Brief Introduction]

First of all, Linux Event Dispatcher, or led for short, is NOT a replacement
for other traditional logging and filtering systems. Instead led gets fed events
from them.
The main goal of led is to handle system events in realtime and take action on
the events on the fly.

For example, you can have filters for critical events from the kernel audit system
and set up detailed actions for each event, such as an avc violation and an
unexpected write operation on /var/www/html/index.html.
You may pick an action for each event: either shut down the system immediately, or
block the http port temporarily and recover the whole web contents, etc. At the same
time you can check who did it, ban him/her from the host if he/she is on
localhost, and report it to you right away...
You would be able to do such things with led.

Normally most administrators won't realize an attack until they get some
error or look into the logwatch report email carefully. It might be too late.
You could have restrictive settings to keep the risk to a minimum but you can't block
ports entirely.  As long as you are opening ports to the public there's risk, so how
fast you can notice an error and recover from a compromise is the key...

For more info please go to http://www.linuon.com/

Thanks,
--  Junji Kanemaru

Linuon Inc.
Tokyo Japan
