An Approach to UNIX Security Logging
Authors
Abstract
Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be complicated and time-consuming and the amount of logged data tends to be very large. To counter these problems we suggest a very simple and cheap logging method, light-weight logging. It can be easily implemented on a Unix system, particularly on the Solaris operating system from Sun. It is based on logging every invocation of the exec(2) system call together with its arguments. We use data from realistic intrusion experiments to show the benefits of the proposed logging and in particular that this logging method consumes as little system resources as comparable methods, while still being more effective.
Similar references
Automated System Monitoring and Notification with Swatch
This paper describes an approach to monitoring events on a large number of servers and workstations. While modern UNIX systems are capable of logging a variety of information concerning the health and status of their hardware and operating system software, they are generally not configured to do so. Even when this information is logged, it is often hidden in places that are either not monitored...
Logging versus Soft Updates: Asynchronous Meta-data Protection in File Systems
The UNIX Fast File System (FFS) is probably the most widely-used file system for performance comparisons. However, such comparisons frequently overlook many of the performance enhancements that have been added over the past decade. In this paper, we explore the two most commonly used approaches for improving the performance of meta-data operations and recovery: logging and Soft Updates. The com...
Building Chinese Walls in Standard Unix
The set-user-id facility in Unix can be used to form the basis for the implementation of a wide variety of different security policies in Unix. We show how the Chinese Wall security policy can be implemented using this facility. The approach is not appropriate for security critical applications: it serves to illustrate that it can be done in a rather simple way, and may be useful for less critic...
Practical Unix Security - Securing IBM's AIX
This paper describes the process involved in securing a computer running AIX, IBM's version of unix. AIX is derived from the BSD and System V variants of unix, with the addition of a system and device configuration database, the ODM. This has led to the creation of a large number of system-specific configuration and management commands which should be used instead of the default unix commands. Fo...
System Security Management via SNMP
We present a framework for managing system security, based on an SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB). We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring, external script execution for system security scanning and access control. T...