While running FreeBSD a long time ago, there was a default feature which logged when a process received one of the fatal signals, like SIGSEGV, SIGBUS, SIGKILL, etc. and was terminated because of that.
Is there something similar for Linux?
Linux – Logging Linux processes which exit because of a signal
linuxloggingsignals
Best Answer
The
auditdsuggestion is solid, but note that it only works if thekill(2)syscall is invoked.SIGBUS, for example, doesn't invoke that syscall; it's an interrupt handler inside of the kernel that then propagates the signal directly to the relevant process with no syscall interface required.To accomplish your goal perfectly, you're probably looking for BPF. This is an excellent resource to start playing with. At a guess—no warranties expressed or implied—you might want to instrument here.