Interesting Projects which Work in Related areas
- The ubiquitous strace. strace
tracks system calls from a specific executable, has primitive
filtering capabilities and is a very useful tool.
- systrace.
systrace and syscalltrack aim for different goals. We aim for
debugging with needle-like precision ("which application is deleting
that file when running under the user UID?"), while systrace aims to
provide application-level "jails". systrace is a part of the OpenBSD kernel.
- systrace.c, systrace.h.
systrace does kernel-level filtering of system calls, much like
syscalltrack, but is very limited and no longer developed(?). It does
support logging of events to a device file, which syscalltrack will
support Real Soon Now(tm). Simon Patarin wrote
to sct-hackers about it.
- medusa. medusa is a
security-oriented project which catches certain system calls and
either allows them, denies them, or replaces them with others. Guy explains
the difference.
- overloader is a user-space,
script-based tool which alerts on invalid system calls.
- subterfugue.
subterfugue is a nearly frozen project seeking lead developers to
revive it. It allows you to write syscall filters in Python, which is
a very neat capability.
- SNARE is a
System Intrusion Analysis and Reporting Environment. Their code uses a
technique similar to syscalltrack, but without syscalltrack's
safeguards. They have a very nice GUI, though...
- changedfiles
is "A framework for simple filesystem replication and/or security
monitoring and/or automatic file transformations -- essentially any
application where one would poll files or directories and either do
things to them or send them out."
$Id: relevant.html,v 1.26 2003/02/05 22:30:58 mulix Exp $