On Sun, Dec 16, 2012 at 8:07 AM, Alexander Hall <alexan...@beard.se> wrote:
>
> I still want to know the reason for all this. If it's for security, it sure
> feels ass-backwards and questionable at best.
>

it's useful for honeypot scenarios, with all proposed solutions so far being influenced by either laziness or desire to maintain a modicum of portability with other unices. it's not useful for accounting on regular accounts.

the best balance between effort and results i believe is to extend the ktrace hooks to switch on curproc uid and put a cap on the logfile.

what apis do linux honeypot loggers use? do they sufficiently resemble ktrace? it's the only facility i see in openbsd besides systrace that fits the bill of already logging all sorts of io (not just pty).