NAME

       rklogd - RSBAC kernel log daemon.

SYNOPSIS

       rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]

DESCRIPTION

       rklogd  is  a  system  daemon  which  only intercepts and logs  RSBAC kernel messages to a
       separate log file. It is started by root and sets UID to 400.

OPTIONS

       -a     Alert (sound) on NOT_GRANTED.

       -s     Use kernel syscalls instead "proc" file reading (if proc filesystem don't work).

       -p     Use file in /proc for message reading. Program use it way by default.

       -f file
              Log  messages  to   the   specified   filename.   By   default   messages   go   to
              SECOFF_HOME/security-out file .

       -u uid Change to the specified UID instead of the default 400.

       -l     Listen  for  network  connections.Log-server  mode.  Messages  will  copy  to <log-
              name>-fromnet file.

       -n hostname
              Copy messages to log-server on specified host.

OVERVIEW

       Standard  klogd  daemon can't read RSBAC kernel message buffers.  This  program  does  and
       sends  the  messages to a separate file.  You can protect this file using any RSBAC model,
       e.g. RC, so a possible intruder cannot delete security alert logs.

FILES

       /proc/rsbac-info/rmsg
              kernel messages buffer.
       rklogd daemon itself.
       /var/run/rklogd.pid
              The file containing the process id of rklogd

BUGS

       May be. Please, send patches, not changed files.

AUTHOR

       I use some of klogd code.It  was originally written by  Steve  Lord  (lord@cray.com),  Dr.
       Greg Wettstein (greg@wind.enjellic.com) made major improvements.
       RSBAC (c) Amon Ott <ao@rsbac.org>
       rklogd (c) Stanislav Ievlev <inger@linux.ru.net>, some changes made by
              Amon Ott <ao@rsbac.org>