Hieu,
I would recommend adding some testing of the new Sebek write functionality added in the Linux 2.6 Sebek client.
Check the "sbk_install.sh" file and specifically the WRITE_TRACKING config variable.
It is still an experimental feature mainly due to performance issues that cause stability problems. Therefore your benchmarks would help to tune it.
Additionally, if you could share the methodology you will follow and the tools you are going to use, it could help others to perform similar tests with different Linux kernel versions and even different Linux Sebek versions, such as the Linux 2.4 one. This would provide a more complete analysis.
Like Ed, I'd love to see what you come up with.
Raúl Siles
GSE
-----Original Message-----
From: NAHieu [mailto:nahieu_at_gmail.com]
Sent: Tuesday, January 10, 2006 05:22
To: honeypots_at_securityfocus.com
Subject: Sebek benchmarks?
Hello,
I am figuring out how much overhead Sebek costs on a Linux 2.6
environment. I looked everywhere for a document that carried out any
benchmark on Sebek, but to no avail. Does such a paper/document
exist, but I don't know??
If it doesn't, I would like to run some benchmarks myself. I imagine
that these kinds of benchmarks are necessary:
- Filesystem benchmark (because Sebek patches some I/O related syscalls)
- Network benchmark (Sebek patches socket syscall)
- ... (what more ?)
Could anybody please recommend exactly which (standard) benchmarks
I should run? I will post the result to the list.
Many thanks.
Hieu
Received on Jan 16 2006