Bug 154973 - [RFE] Capture user activities from hidden kernel module
[RFE] Capture user activities from hidden kernel module
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: distribution (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: dff
: FutureFeature
Depends On:
Blocks: 155047
  Show dependency treegraph
Reported: 2005-04-15 03:34 EDT by Joel Moxey
Modified: 2008-08-25 12:31 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-08-25 12:31:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Joel Moxey 2005-04-15 03:34:28 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Description of problem:
As a corporate user who deals service providing platforms, a tool that can record all data that about user activity - using the system read() call - to a remote log server would be extremely useful. The tool also needs to non-detectable and unloadable by the user.

This means a track of all activities on the system can be kept, such that if a problem with the service arises, the activities can be checked to see what user activity has happened on the node - thus potentially speeding up root cause analysis.

Tools exist that provide the functionality requested (see: http://www.honeynet.org/tools/sebek), but as it is open source there is no support organisation behind it - meaning that the company would be very reluctant to use it for production systems. This tool is also intended for honeypot systems, as opposed to service platforms, thus may not be as stable as needed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Request For Enhancement

Additional info:
Comment 1 Suzanne Hillman 2005-04-15 16:40:19 EDT
Internal RFE bug #155047 entered; will be considered for future releases.
Comment 3 RHEL Product and Program Management 2008-08-25 12:31:17 EDT
Product Management has reviewed and declined this request.  You may appeal this
decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.