Interesting Projects Which Work in Related Areas

  • The ubiquitous strace. strace tracks system calls from a specific executable, has primitive filtering capabilities and is a very useful tool.
  • systrace. systrace and syscalltrack aim for different goals. We aim for debugging with needle-like precision ("which application is deleting that file when running under the user UID?"), while systrace aims to provide application-level "jails". systrace is a part of the OpenBSD kernel.
  • systrace.c, systrace.h. systrace does kernel-level filtering of system calls, much like syscalltrack, but is very limited and no longer developed(?). It does support logging of events to a device file, which syscalltrack will support Real Soon Now(tm). Simon Patarin wrote to sct-hackers about it.
  • medusa. medusa is a security-oriented project which catches certain system calls and either allows them, denies them or replaces them with others. Guy explains the difference.
  • overloader. overloader is a user-space, script-based tool which alerts on invalid system calls.
  • subterfugue. subterfugue is a nearly frozen project seeking lead developers to revive it. It allows you to write syscall filters in Python, which is a very neat capability.
  • SNARE. SNARE is a System Intrusion Analysis and Reporting Environment. Their code uses a technique similar to syscalltrack's, but without syscalltrack's safeguards. They have a very nice GUI, though...
  • changedfiles is "A framework for simple filesystem replication and/or security monitoring and/or automatic file transformations -- essentially any application where one would poll files or directories and either do things to them or send them out."
$Id: relevant.html,v 1.26 2003/02/05 22:30:58 mulix Exp $