FUPIDS - fuzzy userprofile ids

(c) 2003 Steffen Wendzel. <cdp@doomed-reality.org>

LICENSE: BSDL

In Short: How to install fupids.

1.a. cd in /usr/src/sys (or /sys) and apply the kernelpatches:
	patch -p0 < p_kexec
	patch -p0 < p_kuipdsock
	patch -p0 < p_nif

1.b. Add a line 'kern/fupids.c' in your '/sys/conf/files' file.

2.c. cd in the folder fupids (from the tgz-file) and install the
     new code:
     	cp -r sys /usr/src/sys 

2. Enable the option "FUPIDS" in your Kernel configuration
file and rebuild your kernel:
	vi <KERNELFILE>
	insert this line: 'option	FUPIDS'
	config <KERNELFILE>
	rebuild the kernel

3. Install your new compiled kernel and reboot.


-------- ---------- --------

sample log messages.

# a user starts a new programm:
fupids: new programm: 'testsrv', uid: 1000

# there are low, medium, high and maximum security levels:
fupids: medium security warning, uid 1000, 849

# if i call listen():
fupids: user 1000: listen syscall

# and if i open a setuid'ed tcpdump:
fupids: n3: set in promiscuous mode! [proc: tcpdump pid: 3848 | parent: zsh ppid: 12452 | uid: 1000]

# if a user, who never does anything before is executing something...
fupids: new user, uid 1001.
fupids: new programm: 'ksh', uid: 1001

----
good luck and give me a lot of feedback ;)
