Bug 175856 - kernel - audit child processes
kernel - audit child processes
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Kernel Manager
Brian Brock
: FutureFeature
Depends On:
Blocks: RHEL4U4Audit
  Show dependency treegraph
 
Reported: 2005-12-15 14:42 EST by Steve Grubb
Modified: 2012-06-20 09:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:33:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2005-12-15 14:42:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
Ability to track child processes. There is a need to be able to audit the actions of a child process. For example, maybe we add a rule to audit a specific pid like apache's. We may need to collect all syscall data for any child it spawns. This can be done by matching on session id, process group, and/or another mechanism. I leave this as an "and" since all 3 things may need to be implemented. Process group and session ID are not fool proof, but work for any non-malicious program. If we want to consider tracking possibly untrusted apps - we need to implement another mechanism.

Version-Release number of selected component (if applicable):
kernel-2.6.9-25

How reproducible:
Didn't try

Steps to Reproduce:
1. New Feature Request

Additional info:
Comment 1 Jiri Pallich 2012-06-20 09:33:18 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.