> the hostname, one being a syscall and the other being a sysctl. One
> could of course have the kernel print a message to the console about
> it, syslogd(8) would pick that up.

Yes, I was about to propose this, but then I thought: why? If we go this way,
then we should definitely also log an IP address change, maybe even our default
router change MAC address... why not even hardware changes since last reboot?

Working in a security job, I can understand worries about important events
going unnoticed. But doing this in kernel is IMHO overkill, maybe it could be
interesting for TrustedBSD, but not in the normal kernel; at least, it should
be configurable at both compile time and runtime (high securelevel and/or a
sysctl).

The Right Way (tm) to do this is to use (or write) a host intrusion detection
system.

Having said this, the proposed patch looks fine to me and I think it should be
committed.

Bye,
        Andrea

-- 
               Speak softly and carry a cellular phone.

