Hi, On Thu, Jun 15, 2006 at 01:08:37PM -0700, [EMAIL PROTECTED] wrote: > I need to set up an audit trail for all commands run on machines. I
I'm no kernel expert, but can't processes be forked, too by calling some kernel functions directly (I mean not by using library functions)? I don't know if actual kernels have some kind of hook therefor. You may need to write a kernel module, if not. Maybe such module is part of modern intrusion detection systems. Greetings, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]