Posts tagged with 'kernel'

The Linux kernel has an audit module that can keep track of which files are accessed and which syscalls are invoked. This audit log can then be queried and summarized into reports to allow for forensic investigations in post-mortems, or even catc ... read more →