When a subject has the "C" flag, grsecurity will "Auto-kill all processes belonging to the attacker's IP address upon violation of security policy."
This is a great feature. What I'd love is a log of all the processes that are killed when this is triggered.
In testing my policies, I've noticed that I've managed to kill a few other processes (that were associated with my IP address) and didn't realise until later.
I also think that if an attacker is trying to execute a binary in some "hidden" corner of the filesystem, it'd be nice to see what the process was.
So my request is that processes that are killed on violation of policy, based on the "C" subject flag, get logged to the system log for later review.
Thanks!
Tim / tjh