Mailinglist Archive: opensuse-security (601 mails)

new version of SCSLog
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Wed, 9 Aug 2000 12:54:32 +0200 (CEST)
  • Message-id: <Pine.LNX.4.21.0008091239290.941-100000@xxxxxxxxxxxxxx>
Hi ppl,
I released a new version (2.1) of SCSLog, my system call logging module.

I just cut some parts from the README file to show you what's new.

--- README ---

SCSLog provides you with the ability to log security relevant system calls
like:
- socketcall()
  + connect()
  + accept()
  + shutdown()
- chmod()
  + make a file setuid
  + make a file setgid
  + make a file world-writeable
- open()
  + create world-writeable files
  + create file without O_EXCL
- symlink()
- setuid()
- setgid()
- setreuid()
- setregid()

This information should help you to track down security violations.

Some nice features of this tool
===============================
If you want to make SCSLog unremovable/invisible, then load
SCSUnrmv/SCSHide with parameter module=<modulesname>.

# insmod scsunrmv.o modules="scslog"
# rmmod scsunrmv

# insmod scshide.o modules="scslog"
# rmmod scshide

If you want to make it persistent _and_ invisible you should 1) insmod scsunrmv.o
and 2) insmod scshide.o _not_ vice versa!


USAGE
=====

scslog.o:
    logsocket={0,1}    -> log socketcall()
    logchown={0,1}     -> log chown()
    logopenww={0,1}    -> log open() - world-writeable files
    logopenexcl={0,1}  -> log open() - open file w/o O_EXCL flag
                          (could lead to sym link attacks)
    logsymlink={0,1}   -> log symlink()
    logsetuid={0,1}    -> log setuid()
    logsetgid={0,1}    -> log setgid()
    logsetreuid={0,1}  -> log setreuid()
    logsetregid={0,1}  -> log setregid()

scshide.o:
    module="<string>"  -> module to hide
    messages={0,1}     -> log just error and syscall messages

scsunrmv.o:
    module="<string>"  -> module to make persistent
    messages={0,1}     -> log just error and syscall messages


--- README ---

You'll find SCSLog 2.1 at http://www.suse.de/~thomas

I would be happy if you test it and send me your bug reports and
improvements.

TIA.

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
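
The chmod() and open() conditions listed in the README excerpt, written as user-space checks on the call arguments. This is an added example, not part of the original post and not SCSLog's code; the function and constant names are hypothetical, and applying the umask before testing a created file for world-writeability is an assumption.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Finding bits; hypothetical names, not taken from SCSLog. */
enum {
    FIND_SETUID      = 1 << 0, /* chmod() sets the setuid bit */
    FIND_SETGID      = 1 << 1, /* chmod() sets the setgid bit */
    FIND_WORLD_WRITE = 1 << 2, /* resulting mode is world-writeable */
    FIND_NO_EXCL     = 1 << 3  /* open() creates a file without O_EXCL */
};

/* Flag the chmod() cases from the README list. */
unsigned check_chmod(mode_t mode)
{
    unsigned f = 0;
    if (mode & S_ISUID) f |= FIND_SETUID;
    if (mode & S_ISGID) f |= FIND_SETGID;
    if (mode & S_IWOTH) f |= FIND_WORLD_WRITE;
    return f;
}

/* Flag the open() cases. Only calls with O_CREAT are of interest.
 * Assumption: the umask is applied to the requested mode first,
 * as the kernel does when it creates the file. */
unsigned check_open(int flags, mode_t mode, mode_t umask_bits)
{
    unsigned f = 0;
    if (!(flags & O_CREAT))
        return 0;
    if ((mode & ~umask_bits) & S_IWOTH) f |= FIND_WORLD_WRITE;
    if (!(flags & O_EXCL)) f |= FIND_NO_EXCL;
    return f;
}

int main(void)
{
    /* Constructed sample arguments, not captured from a real system. */
    printf("chmod 04755            -> %#x\n", check_chmod(04755));
    printf("chmod 0666             -> %#x\n", check_chmod(0666));
    printf("open O_CREAT 0666/022  -> %#x\n",
           check_open(O_WRONLY | O_CREAT, 0666, 022));
    printf("open O_CREAT 0666/0    -> %#x\n",
           check_open(O_RDWR | O_CREAT, 0666, 0));
    return 0;
}
```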


