Another question - audit_lost
Erich Schubert
erich.schubert at gmail.com
Tue Feb 22 20:46:03 UTC 2005
Hi,
it seems that "ps" is very good at generating too many audit events.
This could undermine the usefulness seriously - when I can just do a
"while true; do ps > /dev/null; done" in one shell to overload the
audit system, then hope that my real actions get dropped.
Greetings,
Erich Schubert
--
erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für V_/_
eine Stunde wie eine Heimat aus. --- Herrmann Hesse
More information about the Linux-audit
mailing list