[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Linux Audit trail



On Sun, 30 Sep 2001, Edward Broustinov wrote:

> I think this might help..
> http://www.geocities.com/fcheck2000/fcheck.html

nonono, I need a REAL audit trail. which process, under which uid,
opened which file, with which permissions, even if as read only. that's
what I meant by Tripwire-style programs not fitting the request.

look, SELinux and friends enforce a security policy, right? but how do I
go about first finding out what needs to be limited, and who uses what?
and how do I find out if an application I installed is attempting to do
stuff I'm suspicious of? closing everything and starting to open up
restrictions one at a time is not a very good way of going about it.


come on guys, it's a POSIX.1e feature. Novell had it for years, NT has
it, Solaris has it, how can it be that linux doesn't!??

-- 
The Only Hope for Mankind
Ira Abramov


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il