[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auditing file access



-----BEGIN PGP SIGNED MESSAGE-----

On 1 Oct 2001, Oleg Goldshmidt wrote:

> Ira Abramov <lists-linux-il@ira.scso.com> writes:
>
> > (and no, don't say tripwire, I'm talking about actual smart logging of
> > all the file access activities)
>
> Will BSD process accounting (acct.{c,h}) help somehow? I am not an

I'll have to dig into that.

> On a possibly related wavelength, I just noticed
>
> http://slashdot.org/article.pl?sid=01/10/01/0255245&mode=thread

[SELinux new vesrion]

that's very nice, SELinux has the ACLs and can enforce a policy, but I
want a tool that will gather statistics about which file is used by
which applications and help me decide on the specific policy rules I
should set for SElinux as an outcome. I need to find out if a program
(and I mean also closed source binaries) touches anything in /tmp or can
I lock it out of it. maybe a daemon that runs as root doesn't really
need to be root, etc.

so for now, what I read here is that there is no satisfactory solution
in the market for that right now?

- -- 
Next step in human evolution
Ira Abramov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://ira.abramov.org/pgp

iQCVAwUBO7ryuj01DAmtKbBRAQG+jgQArR72z5k+yJ5Y3E19Z7KodLiMPoxMPicB
umYOGIuniiE7UbWpIQv8a+zq/854B0gpvju71YoSMmCfOQeW8kPnVbahROClyoWH
uQOHa29+X7FWPethcjmnAlnJK8QngIdTqqo3MWwiPxfki1LO/J+Zt6+BomVrBAlw
5J+Wx0nAcGQ=
=HabH
-----END PGP SIGNATURE-----


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il