NAME

       rklogd - RSBAC kernel log daemon.

SYNOPSIS

       rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]

DESCRIPTION

       rklogd  is  a system daemon which only intercepts and logs  RSBAC kernel messages to a separate log file.
       It is started by root and sets UID to 400.

OPTIONS

       -a     Alert (sound) on NOT_GRANTED.

       -s     Use kernel syscalls instead "proc" file reading (if proc filesystem don't work).

       -p     Use file in /proc for message reading. Program use it way by default.

       -f file
              Log messages to the specified filename. By default messages go to SECOFF_HOME/security-out file .

       -u uid Change to the specified UID instead of the default 400.

       -l     Listen for network connections.Log-server mode. Messages will copy to <log-name>-fromnet file.

       -n hostname
              Copy messages to log-server on specified host.

OVERVIEW

       Standard  klogd  daemon can't read RSBAC kernel  message  buffers.   This  program  does  and  sends  the
       messages  to  a  separate  file.  You can protect this file using any RSBAC model, e.g. RC, so a possible
       intruder cannot delete security alert logs.

FILES

       /proc/rsbac-info/rmsg
              kernel messages buffer.
       rklogd daemon itself.
       /var/run/rklogd.pid
              The file containing the process id of rklogd

BUGS

       May be. Please, send patches, not changed files.

AUTHOR

       I use some of klogd code.It  was originally written by Steve Lord  (lord@cray.com),  Dr.  Greg  Wettstein
       (greg@wind.enjellic.com) made major improvements.
       RSBAC (c) Amon Ott <ao@rsbac.org>
       rklogd (c) Stanislav Ievlev <inger@linux.ru.net>, some changes made by
              Amon Ott <ao@rsbac.org>