[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Linux Audit trail
- To: IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Subject: Linux Audit trail
- From: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>
- Date: Sun, 30 Sep 2001 18:34:47 +0300 (IDT)
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Sun, 30 Sep 2001, Edward Broustinov wrote:
> I think this might help..
> http://www.geocities.com/fcheck2000/fcheck.html
nonono, I need a REAL audit trail. which process, under which uid,
opened which file, with which permissions, even if as read only. that's
what I meant by Tripwire-style programs not fitting the request.
look, SELinux and friends enforce a security policy, right? but how do I
go about first finding out what needs to be limited, and who uses what?
and how do I find out if an application I installed is attempting to do
stuff I'm suspicious of? closing everything and starting to open up
restrictions one at a time is not a very good way of going about it.
come on guys, it's a POSIX.1e feature. Novell had it for years, NT has
it, Solaris has it, how can it be that linux doesn't!??
--
The Only Hope for Mankind
Ira Abramov
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il