
Known-exploit detection for the kernel

Posted Dec 19, 2013 1:28 UTC (Thu) by dlang (subscriber, #313)
In reply to: Known-exploit detection for the kernel by gerdesj
Parent article: Known-exploit detection for the kernel

This isn't a way to secure the kernel as much as a way to have it act as a honeypot if a problem that's been fixed gets triggered.

There is currently no way to detect that this sort of thing is taking place, and short of logging every syscall, it's just not possible without explicit support like this.

As long as the maintenance of this is not a burden, I don't see a problem with this (done sanely, rate limited with decent log messages).

You already have the kernel logging a lot of things; this is just a little more to go into the logs that you can either ignore or take advantage of.




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds