memlockd

Language: en

Version: 304268 (debian - 07/07/09)

Section: 8 (Administrator commands)

NAME

memlockd - daemon to lock files in memory with mlock

SYNOPSIS

memlockd [ -c config-file ] [ -d ] [ -u user ]

DESCRIPTION

This manual page briefly documents the memlockd command.

memlockd locks system programs and config files in memory so that, if the system comes under a DoS attack, the sys-admin has a significantly better chance of regaining control of the system in a reasonable amount of time (and therefore a reasonable chance of discovering the cause of the problem).

OPTIONS

The -c option specifies the fully-qualified path name of a config file that lists the names of files to lock. If no config file is specified, it defaults to /etc/memlockd.cfg.

The -d option specifies debugging mode: the program will not fork and will write its logging messages to stderr instead of sending them via syslog.

The -u option specifies the name of a user to use for running ldd (for recursive operation). Note that locking shared objects that are writable by non-root is not safe, but using a different UID will reduce the risk.

The config file will contain a number of fully qualified names of files to lock in RAM. When locking shared objects and ELF binaries it is possible to prefix the file name with a + character to indicate that memlockd should recursively lock all shared objects that the program requires and all shared objects that those objects require.
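The warning under -u about shared objects writable by non-root can be checked against the config file before memlockd is started. The following Python script is an added example, not part of memlockd; its function names and the trusted_uid parameter are assumptions of the example, and it understands only the two entry forms documented above (a bare path and a + prefixed path).

```python
import os
import stat
import tempfile

def audit_entry(line, trusted_uid=0):
    """Return findings for one memlockd config line; an empty list means OK."""
    entry = line.strip()
    # A leading '+' asks memlockd to also lock the shared objects the file needs.
    path = entry[1:] if entry.startswith("+") else entry
    if not os.path.isabs(path):
        return ["not a fully qualified path"]
    try:
        st = os.stat(path)  # follows symlinks: the target is what gets locked
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != trusted_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    # Mode bits only; ACLs and writable parent directories are not examined.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    return findings

def audit_config(cfg_path, trusted_uid=0):
    """Map each non-blank config line to its list of findings."""
    with open(cfg_path) as cfg:
        return {ln.strip(): audit_entry(ln, trusted_uid) for ln in cfg if ln.strip()}

def demo():
    """Constructed sample: one safe file, one world-writable file, one bad line."""
    with tempfile.TemporaryDirectory() as d:
        good, weak = os.path.join(d, "good.so"), os.path.join(d, "weak.so")
        for path, mode in ((good, 0o644), (weak, 0o666)):
            open(path, "w").close()
            os.chmod(path, mode)
        cfg = os.path.join(d, "memlockd.cfg")
        with open(cfg, "w") as f:
            f.write(f"+{good}\n{weak}\nrelative/path\n")
        # Our own uid is trusted here only so the demo works without root.
        return list(audit_config(cfg, trusted_uid=os.geteuid()).values())

if __name__ == "__main__":
    for findings in demo():
        print(findings or "ok")
```

On a real system, call audit_config("/etc/memlockd.cfg") with the default trusted_uid of 0 and treat any non-empty finding list as a reason not to lock that entry.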

SEE ALSO

mlock(2), mmap(1).

AUTHOR

memlockd was written by Russell Coker <russell@coker.com.au>