NAME

       rklogd - RSBAC kernel log daemon.

SYNOPSIS

       rklogd [ -s ] [ -a ] [ -l ] [ -p ] [ -f fname ] [ -u uid ] [ -n host ]

DESCRIPTION

       rklogd is a system daemon that intercepts only RSBAC kernel messages
       and logs them to a separate log file. It is started by root and then
       sets its UID to 400.

OPTIONS

       -a     Alert (sound) on NOT_GRANTED.

       -s     Use kernel syscalls instead of reading the "proc" file (for
              when the proc filesystem does not work).

       -p     Read messages from the file in /proc. This is the default.

       -f file
              Log messages to the specified file. By default messages go to
              the file SECOFF_HOME/security-out.

       -u uid Change to the specified UID instead of the default 400.

       -l     Listen for network connections (log-server mode). Messages are
              copied to the file <log-name>-fromnet.

       -n hostname
              Copy messages to the log server on the specified host.

OVERVIEW

       The standard klogd daemon cannot read the RSBAC kernel message
       buffers. This program does, and sends the messages to a separate
       file. You can protect this file using any RSBAC model, e.g. RC, so
       that a possible intruder cannot delete security alert logs.

FILES

       /proc/rsbac-info/rmsg
              Kernel messages buffer.
       rklogd daemon itself.
       /var/run/rklogd.pid
              The file containing the process ID of rklogd.
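
EXAMPLES

       The following check is an added example, not part of rklogd or of
       the original page. It confirms that the process named in
       /var/run/rklogd.pid really dropped root and runs under the expected
       UID (400, or the value given with -u). The function name, its return
       codes, and the assumption that the process name is "rklogd" are
       hypothetical.

```shell
#!/bin/sh
# Added example (not from the rklogd sources): verify the privilege drop
# described in DESCRIPTION using the pid file listed under FILES.
#
# check_rklogd_uid [PIDFILE] [PROC_ROOT] [EXPECTED_UID]
# Returns: 0 = all UIDs match, 1 = a UID differs (e.g. still root),
#          2 = pid file missing or malformed,
#          3 = no such process, or the PID belongs to another program.
check_rklogd_uid() {
    pidfile=${1:-/var/run/rklogd.pid}
    proc_root=${2:-/proc}
    want_uid=${3:-400}

    [ -r "$pidfile" ] || return 2
    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 2 ;;   # reject empty or non-numeric content
    esac

    status="$proc_root/$pid/status"
    [ -r "$status" ] || return 3   # stale pid file: process is gone

    # Guard against PID reuse: the pid file may outlive the daemon.
    # Assumption: the daemon's process name is "rklogd".
    name=$(awk '$1 == "Name:" { print $2; exit }' "$status")
    [ "$name" = "rklogd" ] || return 3

    # The Uid: line holds real, effective, saved and filesystem UIDs.
    # Requiring all four to match is stricter than checking one, and
    # catches a drop that left a way back to root.
    set -- $(awk '$1 == "Uid:" { print $2, $3, $4, $5; exit }' "$status")
    [ $# -eq 4 ] || return 3
    for id in "$@"; do
        [ "$id" = "$want_uid" ] || return 1
    done
    return 0
}

# Usage on a live system, where rklogd was started with "-u 450":
#   check_rklogd_uid /var/run/rklogd.pid /proc 450 || echo "rklogd check failed"
```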

BUGS

       Maybe. Please send patches, not changed files.

AUTHOR

       I use some of the klogd code. It was originally written by Steve Lord
       (lord@cray.com); Dr. Greg Wettstein (greg@wind.enjellic.com) made
       major improvements.
       RSBAC (c) Amon Ott <ao@rsbac.org>
       rklogd (c) Stanislav Ievlev <inger@linux.ru.net>, some changes made by
              Amon Ott <ao@rsbac.org>