NAME
rklogd - RSBAC kernel log daemon.
SYNOPSIS
rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]
DESCRIPTION
rklogd is a system daemon which only intercepts and logs RSBAC kernel
messages to a separate log file. It is started by root and sets UID to
400.
OPTIONS
-a Alert (sound) on NOT_GRANTED.
-s Use kernel syscalls instead "proc" file reading (if proc
filesystem don’t work).
-p Use file in /proc for message reading. Program use it way by
default.
-f file
Log messages to the specified filename. By default messages go
to SECOFF_HOME/security-out file .
-u uid Change to the specified UID instead of the default 400.
-l Listen for network connections.Log-server mode. Messages will
copy to <log-name>-fromnet file.
-n hostname
Copy messages to log-server on specified host.
OVERVIEW
Standard klogd daemon can’t read RSBAC kernel message buffers. This
program does and sends the messages to a separate file. You can
protect this file using any RSBAC model, e.g. RC, so a possible
intruder cannot delete security alert logs.
FILES
/proc/rsbac-info/rmsg
kernel messages buffer.
rklogd daemon itself.
/var/run/rklogd.pid
The file containing the process id of rklogd
BUGS
May be. Please, send patches, not changed files.
AUTHOR
I use some of klogd code.It was originally written by Steve Lord
(lord@cray.com), Dr. Greg Wettstein (greg@wind.enjellic.com) made major
improvements.
RSBAC (c) Amon Ott <ao@rsbac.org>
rklogd (c) Stanislav Ievlev <inger@linux.ru.net>, some changes made by
Amon Ott <ao@rsbac.org>