Procwatch watches a /proc filesystem for new processes. When a process is created, procwatch reports the time, the username, the PID, and the binary that was run. Its output is suitable for logging to log files and is geared for system administrators who are testing a new but as yet untrusted UNIX system. Although it cannot detect, and is not proof against, hacked loadable kernel modules that have modified /proc, it is useful in watching for possible rogue binaries.
released on 23 November 2001
|License||Verified by||Verified on||Notes|
|Perl||Janet Casey||26 March 2001|
Leaders and contributors
Resources and communication
This entry (in part or in whole) was last reviewed on 26 November 2001.