Bug 154973

Summary: [RFE] Capture user activities from hidden kernel module
Product: Red Hat Enterprise Linux 4
Reporter: Joel Moxey <joel.moxey>
Component: distribution
Assignee: dff <dff>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: 4.0
CC: riek, tao
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2008-08-25 16:31:17 UTC
Bug Blocks: 155047

Description Joel Moxey 2005-04-15 07:34:28 UTC
Description of problem:
As a corporate user who deals with service-providing platforms, a tool that can record all data about user activity - using the system read() call - to a remote log server would be extremely useful. The tool also needs to be non-detectable and unloadable by the user.

This means a track of all activities on the system can be kept, such that if a problem with the service arises, the activities can be checked to see what user activity has happened on the node - thus potentially speeding up root cause analysis.

Tools exist that provide the functionality requested (see: http://www.honeynet.org/tools/sebek), but as it is open source there is no support organisation behind it - meaning that the company would be very reluctant to use it for production systems. This tool is also intended for honeypot systems, as opposed to service platforms, thus may not be as stable as needed.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Request For Enhancement
  

Additional info:

Comment 1 Suzanne Hillman 2005-04-15 20:40:19 UTC
Internal RFE bug #155047 entered; will be considered for future releases.

Comment 3 RHEL Program Management 2008-08-25 16:31:17 UTC
Product Management has reviewed and declined this request.  You may appeal this
decision by reopening this request.