Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary informa-tion about this process, and optionally kill the process if it was spawned by an unauthorized user. A "magic" group can be specified, allowing members of this group to run any setuid/setgid root executable.