>I think this would be useful, but I would be concerned about the rate at
>which these messages could come when someone is actively attacking a system.
>Perhaps such messages could go through a rate limiter mechanism similar to
>that now used by the network interfaces.

syslogd already has a "last message repeated N times"

Also most things you do that are negated by securelevel you can only do as 
root, so I don't see how someone without elevated privileges could fill up 
your logs with these messages anyway. These audit messages could be a nice 
way of finding out that someone has root when they shouldn't. And if root 
is compromised you have bigger things to worry about than overflowing log 
files.

I personally think this would be very useful.  Maybe supply a sysctl for 
turning on and off. And for the newbies in the house turn it on by default. 
That way the "Why can't I get this to work?" caused by securelevel settings 
would be answered a lot quicker.

I'm still a junior kernel hacker myself, but I'd say this would be a 
perfect junior kernel hacker project.

         Doc
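
The repeat compression mentioned in the reply above, sketched as an added example that is not part of the original message and is not syslogd's own source. The function name and the securelevel message text are hypothetical, and the timer-based flush that syslogd also performs is left out. Only consecutive identical messages collapse, so interleaved denials are still logged one by one.

```c
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN 160

/* Collapse runs of identical consecutive messages: the first copy is
 * written, later copies are counted, and the count is flushed as
 * "last message repeated N times" when the run ends.
 * Returns the number of lines written to out (at most cap). */
size_t collapse_repeats(const char *const *in, size_t n,
                        char out[][LINE_MAX_LEN], size_t cap)
{
    size_t w = 0, repeats = 0;
    const char *prev = NULL;

    for (size_t i = 0; i <= n; i++) {
        const char *cur = (i < n) ? in[i] : NULL;   /* NULL marks end of input */
        if (cur != NULL && prev != NULL && strcmp(cur, prev) == 0) {
            repeats++;                              /* suppressed duplicate */
            continue;
        }
        if (repeats > 0 && w < cap)                 /* run ended: flush the count */
            snprintf(out[w++], LINE_MAX_LEN,
                     "last message repeated %zu times", repeats);
        repeats = 0;
        if (cur != NULL && w < cap)
            snprintf(out[w++], LINE_MAX_LEN, "%s", cur);
        prev = cur;
    }
    return w;
}

/* Constructed sample input; the message text is hypothetical. */
static const char *const sample[] = {
    "securelevel: denied chflags by uid 0",
    "securelevel: denied chflags by uid 0",
    "securelevel: denied chflags by uid 0",
    "securelevel: denied kldload by uid 0",
    "securelevel: denied chflags by uid 0",
};

int main(void)
{
    char out[8][LINE_MAX_LEN];
    size_t n = collapse_repeats(sample, 5, out, 8);
    for (size_t i = 0; i < n; i++)
        puts(out[i]);
    return 0;
}
```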

