Grsecurity API

Discuss and suggest new grsecurity features


Postby alfatau » Sat May 13, 2006 4:31 am

Hello, I would like to write a daemon to let a user (probably the server administrator) get notifications and interactive choices about what to do on the system when PaX logs something dangerous.
For example, I would like that user, when an attack is probably occurring, to be able to choose to "ban" the attacker's IP/MAC, or to kill the application, or to do nothing, or something else.
To be able to catch PaX "signals" I would need some API, because I don't want to work on logs.
Are there any APIs (and/or documentation) for PaX auditing, also to understand what I could think of doing, or is my project achievable?
Excuse me for my inaccurate language, but I'm not a native speaker.

Thank you.
alfatau
 
Posts: 2
Joined: Thu May 11, 2006 5:17 pm

Re: Grsecurity API

Postby PaX Team » Fri May 19, 2006 8:10 am

alfatau wrote:
Hello, I would like to write a daemon to let a user (probably the server administrator) get notifications and interactive choices about what to do on the system when PaX logs something dangerous.
For example, I would like that user, when an attack is probably occurring, to be able to choose to "ban" the attacker's IP/MAC, or to kill the application, or to do nothing, or something else.
To be able to catch PaX "signals" I would need some API, because I don't want to work on logs.
Are there any APIs (and/or documentation) for PaX auditing, also to understand what I could think of doing, or is my project achievable?

when PaX detects something it's already too late for reaction in userland, the process exhibiting badness is simply killed and you'd better not let anyone else make that decision ;-). this implies that you only get to work with the event logs. whether printk/syslog is the best way for you i can't tell, but feel free to add your own notification mechanism/hooks to the kernel where PaX reports something.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
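
The log-based approach described in the reply above, as an added example that is not part of the original thread or of PaX itself: a small parser that turns PaX kill reports from the kernel log into events a notification daemon could forward. The "PAX: terminating task" message layout is an assumption (the thread does not show it and it may differ between PaX versions), and the sample lines are constructed.

```python
import re
from typing import Iterable, Iterator, NamedTuple

# Assumed message layout (not shown in the thread; it may differ between
# PaX versions, so adjust the pattern to what your kernel actually logs).
PAX_KILL = re.compile(
    r"PAX: terminating task: (?P<path>.+?)\((?P<comm>[^)]*)\):(?P<pid>\d+), "
    r"uid/euid: (?P<uid>\d+)/(?P<euid>\d+), "
    r"PC: (?P<pc>\S+), SP: (?P<sp>\S+)"
)

class PaxEvent(NamedTuple):
    path: str
    comm: str
    pid: int
    uid: int
    euid: int
    pc: str
    sp: str

def parse_pax_events(lines: Iterable[str]) -> Iterator[PaxEvent]:
    """Yield one PaxEvent per 'terminating task' line; skip everything else."""
    for line in lines:
        m = PAX_KILL.search(line)
        if m:
            yield PaxEvent(m["path"], m["comm"], int(m["pid"]),
                           int(m["uid"]), int(m["euid"]), m["pc"], m["sp"])

def describe(ev: PaxEvent) -> str:
    """Notification text. The task is already dead, so this only informs."""
    flag = " [ran with euid 0]" if ev.euid == 0 else ""
    return f"PaX killed {ev.path} (pid {ev.pid}, uid {ev.uid}){flag} at PC {ev.pc}"

# Constructed sample input, not real log output.
SAMPLE_LOG = """\
May 19 08:10:01 host kernel: PAX: terminating task: /usr/sbin/exampled(exampled):4242, uid/euid: 33/33, PC: 40015010, SP: bffff3a0
May 19 08:10:05 host kernel: eth0: link up
May 19 08:11:30 host kernel: PAX: terminating task: /usr/bin/demo(demo):4310, uid/euid: 1000/0, PC: 0804a000, SP: bfffe120
""".splitlines()

if __name__ == "__main__":
    for event in parse_pax_events(SAMPLE_LOG):
        print(describe(event))
```

In a daemon, `parse_pax_events` can be fed any line iterator, such as a file object following the kernel log, since it only needs an iterable of strings.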
