sptrace 1.4.2

Allows you to limit the access to ptrace() call in Linux.

  Add it to your Download Basket!

 Add it to your Watch List!

0/5

Rate it!

What's new in sptrace 1.4.2:

  • The module has been updated to work with the latest Linux kernel versions and tested with 2.6.26.
Read full changelog
send us
an update
LICENSE TYPE:
GPL (GNU General Public License) 
USER RATING:
3.8/5 14
DEVELOPED BY:
Krzysztof Burghardt
HOMEPAGE:
www.burghardt.pl
CATEGORY:
ROOT \ System \ System Administration
sptrace is a tool that allows you to limit the access to ptrace() call in Linux. It has the ability to trace and debug software on servers is not needed for most users. Giving them right to trace processes may leak information and if ptrace() is vulnerable lead to more problems.

sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. It can disable strace (and ltrace) altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace() call.

When someone not allowed to trace processes uses program that call ptrace() current and parent processes names, pids, uids and euids are logged, e.g.:

Dec 29 00:39:27 techie kernel: sptrace: ptrace() DENIED for (strace:28733) UID(1000) EUID(1000), parent (strace:28732) UID(1000) EUID(1000)
Dec 29 00:39:40 techie kernel: sptrace: ptrace() DENIED for (ltrace:28745) UID(1000) EUID(1000), parent (ltrace:28744) UID(1000) EUID(1000)

Last updated on March 15th, 2009

requirements

#ptrace() call #ptrace limiter #kernel module #ptrace() #call #limiter #LKM

Add your review!

SUBMIT