Privilege escalation detection system for GNU/Linux

 Ninja is a privilege escalation detection and prevention
 system for GNU/Linux hosts. While running, it will monitor
 process activity on the local host, and keep track of all
 processes running as root. If a process is spawned with
 UID or GID zero (root), ninja will log necessary information
 about this process, and optionally kill the process
 if it was spawned by an unauthorized user.
 A "magic" group can be specified, allowing members of this
 group to run any setuid/setgid root executable.
 Individual executables can be whitelisted. Ninja uses a
 fine grained whitelist that lets you whitelist executables
 on a group and/or user basis. This can be used to allow
 specific groups or individual users access to setuid/setgid
 root programs, such as su(1) and passwd(1).