On Wednesday 22 March 2006 01:45, Linda Walsh wrote:
Mostly retrospective. Many breakins in the real world happen because of some "anomalous" traffic going *out* from the system.
huh?
I want something that pops up a notice anytime any non-permitted program attempts any action that is out of the ordinary. If my "C" compiler attempts to open "/etc/passwd" with write access, or "/etc/shadow" with _any_ permission, I'd like to see that pop up in real time -- not wait for a log review sometime later when the log in question may have been tampered with or deleted.
ZoneAlarm monitors file accesses??? I thought it was only a simple packet filter AppArmor does monitor file accesses, incidentally -- Certified: Yes. Certifiable: of course! jabber ID: anders@rydsbo.net