Re: sebek & linux 2.6.x

[Edward Balas <ebalas () iu edu>]

Jonas Yorg wrote:

> so looking at the page there doesn't seem to be any sebek availible for 
> the 2.6.x kernel.  Is that because they stopped exporting the 
> sys_call_table in 2.6?  If so, sebek was spawned from adore, so why 
> doesn't it just use adore-ng's 2.6 methods?  If not could someone please 
> explain?
>
> thanks
>
> Jonas
>  
Jonas,

Rome wasn't built in a day ;-)  We have  been working on a version 3 of 
Sebek which
goes beyond just sys_read monitoring for the 2.4 kernel and Ill be 
adding a port for the
2.6 kernel in the next few months.   This new version is being developed 
hand in hand
with the "roo" Honeywall which is in beta.  A fair amount of work is 
currently going
into the newest version of the Honeywall, once it is a bit more stable, 
Ill crank out
the 2.6 port.


Edward