Dazuko provides a device driver that lets third-party (userland) applications enforce file access control. It was originally developed by H+BEDV Datentechnik GmbH to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security implementations. It operates by intercepting file access calls and passing the file information to a third-party application. The third-party application then has the opportunity to tell the device driver to allow or deny the file access. The third-party application also receives information about the access event, such as the accessed file, the type of access, the process ID, and the user ID.
| Tags | Operating System Kernels, Monitoring, Security |
|---|---|
| Licenses | GPL, BSD Revised |
| Operating Systems | POSIX, BSD, FreeBSD, Linux |
| Implementation | C |

Recent releases


Changes: This version adds support for the new RedirFS 0.3 API.


Changes: Support for Linux kernel versions 2.6.19 through 2.6.21 has been added. Minor fixes are included to support Dazuko-based applications using threads and/or the Dazuko Trusted Application Framework. The Lua language binding has been significantly updated. The userland DazukoIO library was cleaned up internally to improve readability and remove unnecessary global variables.


Changes: A name cache leak on Linux systems has been discovered and fixed. Linux users are strongly encouraged to upgrade.


Changes: Optional support has been added for syscall hooking with Linux 2.6. LSM remains the default method of event interception for Linux 2.6.


Changes: An internal API change causing compile problems under FreeBSD has been fixed. Several changes were made to support the latest Linux 2.6 internal APIs.

Recent comments

Re: race conditions with AntiExploit and ClamAV ;-(
I recommend installing the new 2.1.0 version of Dazuko. This version has much better support for multiple applications.
It is also a known problem that ClamAV sometimes causes problems (because of a poor usage of the Dazuko API). By not including system paths used by ClamAV (such as /var) you should be able to avoid this problem.
This was briefly discussed in the dazuko-help mailing list:
http://lists.gnu.org/archive/html/dazuko-help/2005-02/msg00008.html
race conditions with AntiExploit and ClamAV ;-(
I use AntiExploit 1.3beta5 along with ClamAV, for further virus & exploit detection. But as long as a virus is detected, the system hangs up.
Then I PING my computer from another one in the LAN, and it replies; but ssh doesn't reply, and ANY user-mode process doesn't reply.
I reboot the computer and start clamd alone, then everything is O.K. I tried an application written by myself, which is simply registered with dazuko in the READ ONLY mode, and it is all right with clamd. Even if I change the simple application to register in "r+" mode, still everything is O.K. Only when dazuko is registered by clamd and AntiVirus simultaneously and an infected file is detected do things go wrong.
So I believe there must be something wrong within them. Can anybody give me some advice?
My Linux kernel version is 2.6.12, dazuko of 2.0.6, clamav of 0.86.1, AntiExploit of 1.3b5.
Thanks.
Best regards.
albcamus