An autrace that follows forks
Steve Grubb
sgrubb at redhat.com
Wed Oct 11 20:24:54 UTC 2006
On Wednesday 11 October 2006 16:06, John D. Ramsdell wrote:
> I plan to write a version of autrace that follows forks.
This is a problem that requires a kernel side implementation. We've talked
about it in the past and I don't think we've got code yet. We did add audit
by ppid which helps a little. But we need a generic way to say that we want
to audit a specific program and all its descendants.
-Steve
More information about the Linux-audit
mailing list