RKLOGD

NAME

rklogd - RSBAC kernel log daemon.

SYNOPSIS

rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]

DESCRIPTION

rklogd is a system daemon which only intercepts and logs RSBAC kernel messages to a separate log file. It is started by root and sets UID to 400.

OPTIONS

-a

Alert (sound) on NOT_GRANTED.

-s

Use kernel syscalls instead of reading the "proc" file (for when the proc filesystem doesn’t work).

-p

Read messages from the file in /proc. This is the default.

-f file

Log messages to the specified filename. By default messages go to the SECOFF_HOME/security-out file.

-u uid

Change to the specified UID instead of the default 400.

-l

Listen for network connections (log-server mode). Messages are copied to the <log-name>-fromnet file.

-n hostname

Copy messages to the log server on the specified host.

OVERVIEW

The standard klogd daemon can’t read the RSBAC kernel message buffers. This program does, and it sends the messages to a separate file. You can protect this file using any RSBAC model, e.g. RC, so a possible intruder cannot delete security alert logs.

FILES

/proc/rsbac-info/rmsg

The kernel message buffer.

rklogd

The daemon itself.

/var/run/rklogd.pid

The file containing the process ID of rklogd.

BUGS

Maybe. Please send patches, not changed files.

AUTHOR

I use some of the klogd code. It was originally written by Steve Lord (lord AT cray DOT com); Dr. Greg Wettstein (greg AT wind DOT enjellic DOT com) made major improvements.

RSBAC (c) Amon Ott <ao AT rsbac DOT org>

rklogd (c) Stanislav Ievlev <inger AT linux DOT ru DOT net>, some changes made by Amon Ott <ao AT rsbac DOT org>