This software limits access to the ptrace() call in Linux, providing increased security and control over system processes.
sptrace is a secure ptrace() Linux Kernel Module (LKM), designed to limit users' access to the ptrace() call. It can disable strace (and ltrace) altogether, or restrict ptrace() to a ptrace group, in which case only the users in that group are allowed to use the call.
If someone who is not allowed to trace processes runs a program that calls ptrace(), the tool logs the names, PIDs, UIDs, and EUIDs of the current and parent processes. For instance:
Dec 29 00:39:27 techie kernel: sptrace: ptrace() DENIED for (strace:28733) UID(1000) EUID(1000), parent (strace:28732) UID(1000) EUID(1000)
Dec 29 00:39:40 techie kernel: sptrace: ptrace() DENIED for (ltrace:28745) UID(1000) EUID(1000), parent (ltrace:28744) UID(1000) EUID(1000)
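The denial lines above can be fed to a monitoring job. The following parser is an added example, not part of sptrace; it assumes the exact line layout shown above, and its third sample line (gdb, differing UID and EUID) is constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two lines from the page plus one made-up line
# in which UID and EUID differ.
SAMPLE = """\
Dec 29 00:39:27 techie kernel: sptrace: ptrace() DENIED for (strace:28733) UID(1000) EUID(1000), parent (strace:28732) UID(1000) EUID(1000)
Dec 29 00:39:40 techie kernel: sptrace: ptrace() DENIED for (ltrace:28745) UID(1000) EUID(1000), parent (ltrace:28744) UID(1000) EUID(1000)
Dec 29 00:41:02 techie kernel: sptrace: ptrace() DENIED for (gdb:28790) UID(1001) EUID(0), parent (bash:28700) UID(1001) EUID(1001)
"""

# One "(name:pid) UID(n) EUID(n)" group; {p} prefixes the parent's field names.
# Process names are user-controlled, so ':' and parentheses are rejected here.
PROC = (r"\((?P<{p}name>[^:()]+):(?P<{p}pid>\d+)\) "
        r"UID\((?P<{p}uid>\d+)\) EUID\((?P<{p}euid>\d+)\)")
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: sptrace: "
    r"ptrace\(\) DENIED for " + PROC.format(p="")
    + ", parent " + PROC.format(p="p_") + r"\s*$")

def parse_denials(text):
    """Return (events, unparsed). Lines tagged sptrace that do not match the
    strict pattern are returned for review instead of being dropped."""
    events, unparsed = [], []
    for line in text.splitlines():
        if "sptrace:" not in line:
            continue
        m = DENIED.match(line)
        if m is None:
            unparsed.append(line)
            continue
        events.append({k: int(v) if k.endswith(("pid", "uid")) else v
                       for k, v in m.groupdict().items()})
    return events, unparsed

def summarize(events):
    """Count denials per UID and list callers whose UID and EUID differ."""
    by_uid = Counter(ev["uid"] for ev in events)
    euid_mismatch = [ev for ev in events if ev["uid"] != ev["euid"]]
    return by_uid, euid_mismatch

if __name__ == "__main__":
    events, unparsed = parse_denials(SAMPLE)
    by_uid, mismatch = summarize(events)
    print("denials per UID:", dict(by_uid))
    for ev in mismatch:
        print("UID/EUID differ:", ev["ts"], ev["name"], ev["pid"])
    print("unparsed sptrace lines:", len(unparsed))
```

Lines that carry the sptrace tag but fail the strict pattern are kept in the second return value, so an unexpected process name shows up for review rather than vanishing from the counts.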
In summary, sptrace is an excellent tool for those who want to protect their system's security by limiting access to the ptrace() call. With its easy-to-use interface and efficient functionality, it is worth considering for software developers and system administrators alike.
Version 1.4.2: N/A