We have presented Piranha_Audit, a systematic solution to the persistent problems of securing and improving audit and logging capabilities, which prevents a broad class of buffer overflow attacks from succeeding.
Its most important features are that it denies the deletion or modification of protected files even when root has been compromised, and that, with the TCSEC layout, the system administrator has a powerful method for investigation. Intrusion detection is critical in today's complex enterprises. Attempting to manually review audit trails is hopelessly time-consuming and a losing battle given the number of systems and different types of audit trails. Today we need automated intrusion detection tools. Digital fingerprints are produced with the MD5 [6] algorithm, one of the best in its area.
All this comes with little performance degradation, as shown in the following figure.
Event | Keywords |
---|---|
find \| grep lyx | 1 |
Piranha_Audit compile process | 2 |
latex work.tex | 3 |
Starting an X session | 4 |
netscape | 5 |
lyx | 6 |
gimp | 7 |
Linux Boot | 8 |