sptrace 1.4.2

Allows you to limit the access to ptrace() call in Linux.
sptrace is a tool that allows you to limit the access to ptrace() call in Linux. It has the ability to trace and debug software on servers is not needed for most users. Giving them right to trace processes may leak information and if ptrace() is vulnerable lead to more problems.

sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. It can disable strace (and ltrace) altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace() call.

When someone not allowed to trace processes uses program that call ptrace() current and parent processes names, pids, uids and euids are logged, e.g.:

Dec 29 00:39:27 techie kernel: sptrace: ptrace() DENIED for (strace:28733) UID(1000) EUID(1000), parent (strace:28732) UID(1000) EUID(1000)
Dec 29 00:39:40 techie kernel: sptrace: ptrace() DENIED for (ltrace:28745) UID(1000) EUID(1000), parent (ltrace:28744) UID(1000) EUID(1000)

last updated on:
March 15th, 2009, 3:12 GMT
price:
FREE!
homepage:
www.burghardt.pl
license type:
GPL (GNU General Public License) 
developed by:
Krzysztof Burghardt
category:
ROOT \ System \ System Administration
sptrace
Download Button

In a hurry? Add it to your Download Basket!

user rating 14

3.8/5
 

0/5

Rate it!
What's New in This Release:
  • The module has been updated to work with the latest Linux kernel versions and tested with 2.6.26.
read full changelog

Add your review!

SUBMIT