The system call tracker is a Linux kernel module and supporting user space applications which allow interception of and possibly taking action upon system calls that match user-defined criteria. It allows you to set such rules as "tell me when someone tries to open /etc/passwd" and "if user '500' tries to connect to the network, fail the system call". It can also be thought of as strace on steroids.