>I think this would be useful, but I would be concerned about the rate at >which these messages could come when someone is actively attacking a system. >Perhaps such messages could go through a rate limiter mechanism similar to >that now used by the network interfaces.
syslogd already has a "last message repeated N times" Also most things you do that are negated by securelevel you can only do as root, so I don't see how someone without elevated privileges could fill up your logs with these messages anyway. These audit messages could be a nice way of finding out that someone has root when they shouldn't. And if root is compromised you have bigger things to worry about then overflowing log files. I personally think this would be very useful. Maybe supply a sysctl for turning on and off. And for the newbies in the house turn it on by default. That way the "Why can't I get this to work?" caused by securelevel settings would be answered a lot quicker. I'm still a junior kernel hacker myself, but I'd say this would be a perfect junior kernel hacker project. Doc To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message