11. Security

Because DTrace can instrument arbitrary events on a system and capture whatever additional context is of interest alongside them, it has a number of uses in computer security. These include the following:

• Sniffing, such as real-time forensics

• Monitoring:

– Custom auditing

– Host-based Intrusion Detection Systems (HIDS)

• Policy enforcement

• Security debugging:

– Privilege debugging

– Reverse engineering

Scripts demonstrating each of these uses are provided in this chapter. Before those scripts, the chapter covers the prerequisites: the privileges required to use DTrace, and the ways DTrace itself can be used in attacks.
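As an added illustration of the "custom auditing" use above (this is example code written for this edit, not one of the chapter's scripts), the following D script logs every successful exec() with the time, user and process IDs, parent PID, and full argument string, and summarizes exec() counts by user and program when the script exits. It assumes a Solaris or illumos system with the proc provider and the curpsinfo variable; the field names, column widths, and aggregation name are choices made here, not anything the chapter prescribes.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example for this edit, not from the book: a minimal process
 * execution audit trail built on the proc provider.
 *
 * Assumptions (labelled): Solaris/illumos proc:::exec-success probe and
 * the curpsinfo built-in; the process needs the dtrace_proc privilege
 * (or root) to enable this probe.
 */
#pragma D option quiet
#pragma D option switchrate=10hz

dtrace:::BEGIN
{
	printf("%-20s %6s %6s %6s %s\n", "TIME", "UID", "PID", "PPID", "ARGS");
}

/*
 * exec-success fires after the new image is in place, so execname and
 * curpsinfo->pr_psargs describe the program that was just executed,
 * while uid and ppid identify who ran it and from which parent.
 */
proc:::exec-success
{
	@execs[uid, execname] = count();
	printf("%Y %6d %6d %6d %s\n", walltimestamp, uid, pid, ppid,
	    curpsinfo->pr_psargs);
}

/* On Ctrl-C, print a per-user, per-program exec() summary. */
dtrace:::END
{
	printf("\nexec() count by uid and program:\n");
	printa("  uid %-6d %-20s %@d\n", @execs);
}
```

Run it as `./execaudit.d` (after `chmod +x`) or `dtrace -s execaudit.d`, and stop it with Ctrl-C to get the summary. Two caveats a practitioner should keep in mind: the output is only as trustworthy as the tracing process, so anyone holding the same DTrace privileges can disable or spoof it, and a busy system can drop records under `switchrate`/buffer pressure, so this is a monitoring aid rather than a tamper-evident audit log.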

Privileges, Detection, and Debugging

In this section, we discuss the Solaris privileges associated with using DTrace and how DTrace can be used in several important security scenarios. ...
