Piranha Audit: Kernel Enhancements And Utilities To Improve Audit/Logging

Abstract: 

This paper presents a mechanism to enrich logging as required by the TCSEC document [1], to detect and stop possible intrusions based on typical attacks, and to protect sensitive audit data from deletion or modification even in a root compromise situation. After installing Piranha Audit, administrators will have a solid infrastructure for improving security and resistance to penetration, with only modest performance penalties. We present experimental results showing the advantages of this solution and the performance impact of the mechanism.