Provided by: rsbac-klogd_1.4.0-repack-0ubuntu5_amd64
rklogd - RSBAC kernel log daemon.
rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]
rklogd is a system daemon which only intercepts and logs RSBAC kernel messages to a separate log file. It is started by root and sets UID to 400.
-a           Alert (sound) on NOT_GRANTED.
-s           Use kernel syscalls instead of reading the "proc" file (if the proc filesystem doesn't work).
-p           Use the file in /proc for message reading. The program uses this way by default.
-f file      Log messages to the specified filename. By default messages go to the SECOFF_HOME/security-out file.
-u uid       Change to the specified UID instead of the default 400.
-l           Listen for network connections (log-server mode). Messages will be copied to the <log-name>-fromnet file.
-n hostname  Copy messages to the log server on the specified host.
The standard klogd daemon can't read RSBAC kernel message buffers. This program does, and sends the messages to a separate file. You can protect this file using any RSBAC model, e.g. RC, so a possible intruder cannot delete security alert logs.
/proc/rsbac-info/rmsg  kernel messages buffer.
rklogd daemon itself.
/var/run/rklogd.pid    The file containing the process id of rklogd.
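A check that the running daemon really dropped from root to the expected UID (400 by default, or the value given with -u), using the pid file listed above. This is an added example, not part of rklogd or its documentation; the function name check_rklogd_uid, the process name "rklogd" in /proc/<pid>/status and the optional proc-root argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of rklogd). Assumption: the daemon's process name
# in /proc/<pid>/status is "rklogd", the name this page uses.
#
# check_rklogd_uid PIDFILE EXPECTED_UID [PROC_ROOT]
#   0  real, effective, saved and filesystem UID all equal EXPECTED_UID
#   1  at least one UID differs (privilege drop missing or incomplete)
#   2  cannot decide: pid file unreadable or malformed, stale pid, wrong process
check_rklogd_uid() {
    pidfile=$1
    expected=$2
    proc_root=${3:-/proc}   # overridable so the check can be tested offline

    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 2; }
    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo "$pidfile: not a numeric pid" >&2; return 2 ;;
    esac

    status=$proc_root/$pid/status
    [ -r "$status" ] || { echo "pid $pid not running (stale pid file?)" >&2; return 2; }

    # A recycled pid may belong to an unrelated process; check the name first.
    name=$(awk '$1 == "Name:" { print $2 }' "$status")
    [ "$name" = "rklogd" ] || { echo "pid $pid is '$name', not rklogd" >&2; return 2; }

    # The Uid: line lists real, effective, saved-set and filesystem UIDs.
    uids=$(awk '$1 == "Uid:" { print $2, $3, $4, $5 }' "$status")
    [ -n "$uids" ] || { echo "no Uid: line in $status" >&2; return 2; }

    for uid in $uids; do
        if [ "$uid" != "$expected" ]; then
            echo "rklogd (pid $pid) has UIDs [$uids], expected $expected" >&2
            return 1
        fi
    done
    return 0
}

# Typical call, default UID from the page (use the -u value if one was given):
#   check_rklogd_uid /var/run/rklogd.pid 400
```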
May be. Please, send patches, not changed files.
I use some of the klogd code. It was originally written by Steve Lord (firstname.lastname@example.org); Dr. Greg Wettstein (email@example.com) made major improvements.
RSBAC (c) Amon Ott <firstname.lastname@example.org>
rklogd (c) Stanislav Ievlev <email@example.com>, some changes made by Amon Ott <firstname.lastname@example.org>