Red Hat Bugzilla – Bug 175856
kernel - audit child processes
Last modified: 2012-06-20 09:33:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7
Description of problem:
Ability to track child processes. There is a need to be able to audit the actions of a child process. For example, maybe we add a rule to audit a specific pid like apache's. We may need to collect all syscall data for any child it spawns. This can be done by matching on session id, process group, and/or another mechanism. I leave this as an "and" since all 3 things may need to be implemented. Process group and session ID are not fool proof, but work for any non-malicious program. If we want to consider tracking possibly untrusted apps - we need to implement another mechanism.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. New Feature Request
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life.
Please See https://access.redhat.com/support/policy/updates/errata/
If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.