Ubuntu QA:
The Ubuntu community has contributed 15328 ideas, 75068 comments, 1387413 votes

Idea #6487: Create Log And Permissions When Programs Read, Write In The Important Directories



up
4
down
Written by eld1e6o the 6 Apr 08 at 09:15. Category: Security.
Related to: Nothing/Others. Status: New
Description

I think it's a good idea to anticipate and create tools that allow us to know completely how programs interact with important files on our computer. This is due to the need to pre-empt the generation of viruses, trojans and other unwanted programs at a time when they are becoming popular on this system (there are ever more).
This would bring a lot of security to the Linux system, achieving a default that is very secure against intruders at a minimal cost in software resources.
Hence arises the need for some changes to the software:
* Create a log of the files that programs modify, read or create in system directories beyond those for which they were previously given permission (sudoers)
- Why? Because many times programs need to interact with certain important files, and we cannot deny all permissions, but we can learn what the program is doing at the time.
* Create a software layer that will allow us to interact with, block and allow certain programs reading or writing certain files or directories
- Why? Because any malicious program could, with a simple "sudo", "gksu" or "kdsu", deceive us and modify or read private / system information; this would make it possible to build "firewall"-style software for files
* Create levels of privacy for each program, which could be asked for the first time that each program tries to create / access a certain directory. For example, certain programs can create programs that autostart, but not modify files in another directory (e.g. call it level 1), while other programs may change the configuration files (/boot/grub/menu.lst, /etc/X11/xorg.conf, etc.) (level 2)
- Why? To keep complete control of what's happening on our PC at home and to limit such programs so that they do not add themselves to startup (this happens very often, making system startup or shutdown slower without us knowing why)
* In addition, an alternative that can coexist with the former is to create different passwords for different groups, thus ensuring that only certain parts of the system are altered.
This could make this system THE MOST SECURE, with complete comfort and without hardware requirements or use of the processor, which in the future will continue to help the system run at full power, free of rootkits, anti-virus programs or anything of that style that consumes processor time, memory, etc.

The Yours Diego
Tags: (none)



Comments
Lee wrote on the 6 Apr 08 at 10:35
Windows has a general framework for auditing, where you can say that any access of certain files, protected in certain ways, should be logged. You can do this on read access, or write access.

It'd be great (if not vital!) to have a similar auditing tool in linux. I think SELinux could probably provide the underlying layer.

As a quick hack to accomplish this, there are tools that can monitor directories and then run scripts/programs on changes. I think the main one is a variation on cron.

Auzy wrote on the 6 Apr 08 at 11:10
This is what tripwire is for... Tripwire's the best way of approaching this, and merging it into a security centre for easy management (http://brainstorm.ubuntu.com/idea/1282/)

Monicker wrote on the 3 May 08 at 21:39
There is already a package for system auditing in the repos - auditd, developed by Red Hat.
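
Added example (not part of the thread and not auditd's own code): the per-file access log the idea asks for, built on the auditd package named in the comment above. It assumes watch rules with the hypothetical keys `bootcfg` and `xconfig` on the two files the idea mentions, and parses constructed `audit.log` records to report which executable touched which watched file, under which login and running uid.

```python
import re
from collections import defaultdict

# Assumed watch rules (the keys "bootcfg" and "xconfig" are hypothetical names):
#   auditctl -w /boot/grub/menu.lst -p wa -k bootcfg
#   auditctl -w /etc/X11/xorg.conf  -p wa -k xconfig

# Constructed sample records in the audit.log layout (not real captures).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1207473300.101:412): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2301 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="bootcfg"
type=PATH msg=audit(1207473300.101:412): item=0 name="/boot/grub/menu.lst" inode=4711 nametype=NORMAL
type=SYSCALL msg=audit(1207473355.220:413): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=2410 auid=1000 uid=1000 comm="installer.sh" exe="/bin/bash" key="xconfig"
type=PATH msg=audit(1207473355.220:413): item=0 name="/etc/X11/xorg.conf" inode=5120 nametype=NORMAL
type=SYSCALL msg=audit(1207473390.007:414): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2502 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1207473390.007:414): item=0 name="/tmp/notes.txt" inode=9001 nametype=NORMAL
'''

EVENT_ID = re.compile(r'msg=audit\(\d+\.\d+:(\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records sharing one event serial into {serial: {syscall, paths}}."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        event = events[int(m.group(1))]
        if fields.get("type") == "SYSCALL":
            event["syscall"] = fields
        elif fields.get("type") == "PATH":
            event["paths"].append(fields.get("name"))
    return events

def watched_accesses(text, keys):
    """Return (key, exe, auid, uid, path, succeeded) for events tagged with a watch key."""
    rows = []
    for _, event in sorted(parse_events(text).items()):
        sc = event["syscall"]
        if sc.get("key") in keys:
            for path in event["paths"]:
                # auid is the login uid: it stays the same across sudo/su.
                rows.append((sc["key"], sc["exe"], sc["auid"], sc["uid"],
                             path, sc["success"] == "yes"))
    return rows

if __name__ == "__main__":
    for row in watched_accesses(SAMPLE_LOG, {"bootcfg", "xconfig"}):
        print(row)
```

In the first constructed event the process runs as uid 0 while auid is still 1000, so the log attributes a change made through sudo to the account that logged in.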

jonaskoelker wrote on the 10 Jun 08 at 05:21
You may also want to take a long, hard look at app-armor. It was easy to swallow after having listened to a talk on it (which you can do while playing nexuiz or what have you).

