LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-14-2005, 05:11 AM   #1
nedianz
LQ Newbie
 
Registered: Mar 2005
Distribution: RedHat
Posts: 7

Rep: Reputation: 0
which virtaul machine to use to log system calls by privileged proccesses


I am working on some project in which I need to log the system calls of certain processes running on the system. It is going to be on an older version of RedHat like 7.3 on Pentium IV (a network of 3 or 4 machines). Now my question is that can I use the Virtual machine concept here and get it all done on a single machine? The major point of concern is to be able log all the system calls (the order and the parameters are important here) and the most interesting ones would be privileged processes running with high privileges.

I have read some introduction and about the features of some of the emulators like Bochs, plex86, User Mode Kernel and VMware but I am still confused among them as some of them say that they don't run preveliged processes and then some are useful if you want to emulate different operating systems and platforms and then there are performance issues as well. Performance is not the major issue for me. I'll probably run the emulation on Fedora on PC so it's not a matter of supporting multiple OS or platforms. I only want to log "all" the system calls that a process is invoking along with the parameters for which I might use Snare (the auditing tool - the kernel needs to be patched for this) and make the nodes communicate with each other. Can anybody suggest which one will be most suitable for the kind of work I am doing?

Cheers,
N.
 
Old 03-14-2005, 06:10 AM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
UML is the best thing you can choose IMHO. You'll have a separate kernel running (with all the patches you need) and will be able to do anything with the system. And yes, you can run preveliged processes this way - but they'll be preveliged under the emulated system, not the host one.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
shell example using system calls djgerbavore Programming 7 03-06-2010 02:39 AM
Which virtual machine can be used to emulate RH 7.3 on PIV to log system calls nedianz Linux - Security 1 03-14-2005 08:07 AM
Which virtual machine can be used to emulate RH 7.3 on PIV to log system calls nedianz Linux - Software 0 03-14-2005 05:36 AM
Long list of addresses & Calls when I log in wartstew Linux - General 0 02-09-2005 09:21 PM
Some system calls Spooky Programming 1 11-24-2004 10:17 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration