Re: auditing file access
- To: Shachar Shemesh <linuxil(at-nospam)consumer.org.il>
- Subject: Re: auditing file access
- From: guy keren <choo(at-nospam)actcom.co.il>
- Date: Sun, 30 Sep 2001 20:17:27 +0200 (EET)
- cc: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>, IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- In-Reply-To: <3BB737FF.3080001@consumer.org.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Sun, 30 Sep 2001, Shachar Shemesh wrote:
> Syslogtrack - a haifux project. mulix, I believe, is one of the
> maintainers. I don't know any further detail, though.
and provided you're ready to use alpha-level software ;)
actually, only now i got user-defined logging format to work. until now,
the log did not contain pid and command name. the problem, though, is
that we log syscall parameters, so if a syscall gave a relative file path
(e.g. open("../../logdata", O_RDWR)) - the log won't help you much,
unless you also log any 'chdir' calls... which complicates issues
greatly... further, our code does logging using printf, which causes load
if you're logging a lot of information.
if you are somehow still interested, please check
http://syscalltrack.sf.net/, and/or email me privately.
you might also check medusa DS9 - it's a kernel patch and user-level utils
for security issues - they might have what you need -
http://medusa.fornax.sk . it looks like that also got a nice logging
facility, and their product is certainly more mature.
hope this helps,
--
guy
"For world domination - press 1,
or dial 0, and please hold, for the creator." -- nob o. dy
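
As an added example (not part of the original post and not syscalltrack code), the Python below shows what logging 'chdir' calls alongside open() makes possible: it replays a syscall log, tracks each pid's working directory, and turns relative paths such as "../../logdata" into absolute ones. The log line format, the sample lines and the function names are assumptions constructed for this example.

```python
import posixpath
import re

# Constructed sample log. The line format is an assumption for this example,
# not syscalltrack's actual output.
SAMPLE_LOG = """\
pid=100 comm=backup syscall=chdir args="/var/spool/app/tmp" ret=0
pid=100 comm=backup syscall=open args="../../logdata" ret=3
pid=100 comm=backup syscall=chdir args="/nonexistent" ret=-2
pid=100 comm=backup syscall=open args="notes.txt" ret=4
pid=100 comm=backup syscall=fork args="" ret=101
pid=101 comm=backup syscall=chdir args=".." ret=0
pid=101 comm=backup syscall=open args="secret" ret=3
pid=200 comm=cat syscall=open args="../x" ret=3
"""

LINE_RE = re.compile(
    r'pid=(\d+) comm=(\S+) syscall=(\w+) args="([^"]*)" ret=(-?\d+)')

def absolute(base, path):
    """Join path onto base lexically; None if path is relative and base unknown."""
    if path.startswith("/"):
        return posixpath.normpath(path)
    if base is None:
        return None
    return posixpath.normpath(posixpath.join(base, path))

def resolve_opens(log_text):
    """Return (pid, raw_path, absolute_path_or_None) for every logged open()."""
    cwd = {}  # pid -> last known absolute working directory
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue
        pid, call, arg, ret = int(m[1]), m[3], m[4], int(m[5])
        if call == "chdir" and ret == 0:  # a failed chdir changes nothing
            new = absolute(cwd.get(pid), arg)
            if new is not None:
                cwd[pid] = new
        elif call == "fork" and ret > 0 and pid in cwd:
            cwd[ret] = cwd[pid]  # the child inherits the parent's cwd
        elif call == "open":
            results.append((pid, arg, absolute(cwd.get(pid), arg)))
    return results

if __name__ == "__main__":
    for pid, raw, full in resolve_opens(SAMPLE_LOG):
        print(pid, raw, "->", full or "UNRESOLVED (cwd never observed)")
```

The resolution is purely lexical, so symlinks in the path are not followed, and a process whose first 'chdir' was never logged (pid 200 here) stays unresolved.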