[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Process monitor
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Process monitor
- From: Seth Arnold <sarnold_(_at_)_willamette_(_dot_)_edu>
- Date: Sun, 15 Oct 2000 20:25:39 -0700
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
* Nicholas Lee <nj_(_dot_)_lee_(_at_)_plumtree_(_dot_)_co_(_dot_)_nz> [001015 20:22]:
> Basically want a reactive UID/GID process scanner. ie. If suddenly a new
> un-registered process starts with root access (say some breaking in though a
> suid application) it gets picked up.
Ok. How about this idea? (Keeping in mind this is only an idea, and a
very poorly thought out one at that! Flame if constructive. :) Remove
the suid and guid bits on all executables except for sudo. Then, anytime
anything needs to be done with root privs, it must be done through sudo.
Visit your host, monkey.org