Abnormal End of Processes
Alexander Viro
aviro at redhat.com
Wed Apr 18 20:06:10 UTC 2007
On Wed, Apr 18, 2007 at 12:09:50PM -0400, Steve Grubb wrote:
> Hi,
>
> I have been working on some code that detects abnormal events based on
> audit system events. One kind of event that we currently have no visibility for is
> when a program terminates due to segfault - which should never happen on a
> production machine. And if it did, you'd want to investigate it. Attached is a
> patch that collects these events and sends them into the audit system.
>
> Signed-off-by: Steve Grubb <sgrubb at redhat.com>
I'd suggest taking that into a separate function somewhere in kernel/audit*.c;
no need to clutter fs/exec.c with it. Leave if (unlikely(audit_enabled)) in
inlined wrapper as usual, pass signr as argument...
More information about the Linux-audit
mailing list