Re: auditing file access
- Subject: Re: auditing file access
- From: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>
- Date: Wed, 3 Oct 2001 14:12:45 +0300 (IDT)
- cc: IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- In-Reply-To: <m31yknbqsc.fsf@hedwig.data-zoo.com>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On 1 Oct 2001, Oleg Goldshmidt wrote:
> Ira Abramov <lists-linux-il@ira.scso.com> writes:
>
> > (and no, don't say tripwire, I'm talking about actual smart logging of
> > all the file access activities)
>
> Will BSD process accounting (acct.{c,h}) help somehow? I am not an
I'll have to dig into that.
> On a possibly related wavelength, I just noticed
>
> http://slashdot.org/article.pl?sid=01/10/01/0255245&mode=thread
[SELinux new version]
That's very nice, SELinux has the ACLs and can enforce a policy, but I
want a tool that will gather statistics about which file is used by
which applications and help me decide on the specific policy rules I
should set for SELinux as an outcome. I need to find out if a program
(and I mean also closed source binaries) touches anything in /tmp or can
I lock it out of it. Maybe a daemon that runs as root doesn't really
need to be root, etc.
So for now, what I read here is that there is no satisfactory solution
in the market for that right now?
--
Next step in human evolution
Ira Abramov
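One way to gather the per-program file usage statistics asked for in the message above, as an added example that is not part of the original thread: it turns a system call trace in the format written by `strace -f -e trace=file -o FILE` into a per-path access profile that can be checked before writing policy rules. The sample trace, the `exampled` program name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `strace -f -e trace=file -o FILE` output
# (PID, syscall, quoted path, remaining arguments, return value).
SAMPLE_TRACE = '''\
1201 open("/etc/ld.so.cache", O_RDONLY) = 3
1201 open("/etc/exampled.conf", O_RDONLY) = 3
1201 open("/var/log/exampled.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
1201 open("/tmp/exampled.lock", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
1202 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1202 stat("/var/spool/exampled", {st_mode=S_IFDIR|0755, ...}) = 0
1202 unlink("/tmp/exampled.lock") = 0
'''

# Matches calls whose path is the first argument (optionally after AT_FDCWD).
LINE_RE = re.compile(r'^(\d+)\s+(\w+)\((?:AT_FDCWD, )?"([^"]*)"(.*)\)\s+=\s+(-?\d+)')

# Calls that modify the filesystem regardless of flags, and open() flags that imply writing.
WRITE_CALLS = {"creat", "unlink", "rename", "mkdir", "rmdir", "chmod", "chown", "truncate"}
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND")

def build_profile(trace_text):
    """Map each path to the set of access kinds seen: 'read', 'write', 'denied'."""
    profile = defaultdict(set)
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # signals, unfinished/resumed calls, syscalls without a path
        call, path, rest, ret = m.group(2), m.group(3), m.group(4), int(m.group(5))
        if ret < 0:
            profile[path].add("denied")   # attempted but refused or failed
        elif call in WRITE_CALLS or any(flag in rest for flag in WRITE_FLAGS):
            profile[path].add("write")
        else:
            profile[path].add("read")
    return dict(profile)

def paths_under(profile, prefix, kind=None):
    """Paths at or below `prefix`, optionally only those with a given access kind."""
    prefix = prefix.rstrip("/") + "/"
    return sorted(p for p, kinds in profile.items()
                  if (p + "/").startswith(prefix) and (kind is None or kind in kinds))

if __name__ == "__main__":
    prof = build_profile(SAMPLE_TRACE)
    print("touches /tmp:", paths_under(prof, "/tmp"))
    print("denied:", sorted(p for p, k in prof.items() if "denied" in k))
```

A profile built from one run only covers the code paths that run exercised, so an empty result for `/tmp` is evidence, not proof, that the program can be locked out of it.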