man accton
James <james@jmp-e.com> wrote:
> Recently a machine running OpenBSD 6.8 had its configuration changed and I
> believe it to have been subject to a malicious attack.
>
> This change is completely unexplainable, compromised security, and would
> have required root access.
>
> The log files reveal nothing out of the ordinary except for wtmp
> indicating 0 users are logged in:
>
> -bash-5.0# who
> -bash-5.0# w
> 1:49PM up 2:21, 0 users, load averages: 1.35, 1.38, 1.50
> USER TTY FROM LOGIN@ IDLE WHAT
> -bash-5.0#
>
>
> I would like to be able to log every exec syscall with the details of the
> current timestamp, calling PID, program path, arguments, and new PID.
>
> Ideally this would be implemented in the kernel. Are there any
> existing solutions?
>
> Thanks,
>
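The reply points at accton(8), which switches on kernel process accounting. The kernel then appends one acct(5) record per process at the moment that process exits, and lastcomm(8) prints those records. Two caveats worth knowing before relying on it as the exec log James asked for: a record holds the (truncated) command name, uid, tty, CPU and elapsed time and a few flags, not the executable path, the arguments or the parent PID, and nothing is recorded for processes that were already running when accounting was enabled. The following is an added illustration, not code from the thread; it assumes OpenBSD's accton(8), rcctl(8) and lastcomm(8), and the lastcomm output it filters is constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Assumes OpenBSD's accton(8),
# rcctl(8) and lastcomm(8); the lastcomm output used below is constructed.

ACCT_FILE=/var/account/acct

# Turn on kernel process accounting now and at every boot. The kernel appends
# one acct(5) record per process when that process exits, so nothing that is
# still running (or that ran before this point) is recorded.
enable_accounting() {
    [ -f "$ACCT_FILE" ] || touch "$ACCT_FILE"
    rcctl enable accounting          # accounting=YES in /etc/rc.conf.local
    accton "$ACCT_FILE"
}

# Select lastcomm(8) lines whose flag field contains the given flag letter.
# lastcomm prints the flags as "-" followed by any of:
#   S  executed with superuser privileges
#   F  forked but never exec'd
#   D  dumped core
#   X  terminated by a signal
# Reads lastcomm-formatted text on stdin, writes the matching lines to stdout.
flagged_records() {
    awk -v want="$1" 'index($2, want) > 0 { print }'
}

# Number of records whose user field equals the given name (quick per-user tally).
count_user_records() {
    awk -v u="$1" '$3 == u { n++ } END { print n + 0 }'
}

# Constructed sample in lastcomm's output format (command, flags, user, tty,
# CPU seconds, start time). "__" is what lastcomm prints when there is no tty.
SAMPLE_LASTCOMM='sh         -S      root     __        0.02 secs Mon Jan  4 13:49
ls         -       james    ttyp0     0.01 secs Mon Jan  4 13:48
doas       -S      james    ttyp0     0.01 secs Mon Jan  4 13:47
cron       -F      root     __        0.00 secs Mon Jan  4 13:45'

# Real use, once enable_accounting has run:   lastcomm | flagged_records S
# Demonstration against the constructed sample:
printf '%s\n' "$SAMPLE_LASTCOMM" | flagged_records S
```

Filtering on the S flag gives every process that ran with superuser privileges, which is the first thing to review when a root-only configuration change has no matching login in wtmp; the F flag isolates forks that never exec'd, and the per-user count shows which accounts were active in the window.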