Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] Re: SUSE Firewall primitive shadow of ZoneAlarm in interactive user-control
- From: Anders Johansson <andjoh@xxxxxxxxxx>
- Date: Wed, 22 Mar 2006 02:27:48 +0100
- Message-id: <200603220227.48733.andjoh@xxxxxxxxxx>
On Wednesday 22 March 2006 01:45, Linda Walsh wrote:
> Mostly retrospective. Many breakins in the real world happen because of
> some "anomalous" traffic going *out* from the system.
huh?
> I want something that pops up a notice anytime any non-permitted
> program attempts any action that is out of the ordinary. If my "C"
> compiler attempts to open "/etc/passwd" with write access, or "/etc/shadow"
> with _any_ permission, I'd like to see that pop up in real time -- not wait
> for a log review sometime later when the log in question may have been
> tampered with or deleted.
ZoneAlarm monitors file accesses???
I thought it was only a simple packet filter
AppArmor does monitor file accesses, incidentally
--
Certified: Yes. Certifiable: of course!
jabber ID: anders@xxxxxxxxxx
> Mostly retrospective. Many breakins in the real world happen because of
> some "anomalous" traffic going *out* from the system.
huh?
> I want something that pops up a notice anytime any non-permitted
> program attempts any action that is out of the ordinary. If my "C"
> compiler attempts to open "/etc/passwd" with write access, or "/etc/shadow"
> with _any_ permission, I'd like to see that pop up in real time -- not wait
> for a log review sometime later when the log in question may have been
> tampered with or deleted.
ZoneAlarm monitors file accesses???
I thought it was only a simple packet filter
AppArmor does monitor file accesses, incidentally
--
Certified: Yes. Certifiable: of course!
jabber ID: anders@xxxxxxxxxx
| < Previous | Next > |