$Id: index.html,v 1.5 2003/01/20 12:30:52 mulix Exp $
For the terminally curious, here's the agenda, which turned out to be rather flexible as Guy didn't show up, and the other talks and demonstrations took longer than expected.
Here's the rough script for the demo I gave of syscalltrack's operation. Here are the rule files from the demo: start-stop-rule, rules to get notification when processes start or stop; write-etc-passwd, a rule to see which process is trying to open /etc/passwd, and then to see what vi is writing to it; and a sample rule to fail 'getpid' calls made by ps.
Here are my notes on syscalltrack's device file design.