[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auditing file access
- To: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>
- Subject: Re: auditing file access
- From: mulix <mulix(at-nospam)actcom.co.il>
- Date: Wed, 3 Oct 2001 13:22:59 +0300 (IDT)
- Cc: IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- In-Reply-To: <Pine.LNX.4.33_heb2.09.0110031406410.7619-100000@green>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Wed, 3 Oct 2001, Ira Abramov wrote:
> that's very nice, SELinux has the ACLs and can enforce a policy, but I
> want a tool that will gather statistics about which file is used by
> which applications and help me decide on the specific policy rules I
> should set for SElinux as an outcome. I need to find out if a program
> (and I mean also closed source binaries) touches anything in /tmp or can
> I lock it out of it. maybe a daemon that runs as root doesn't really
> need to be root, etc.
>
> so for now, what I read here is that there is no satisfactory solution
> in the market for that right now?
ira, syscalltrack can do it. it's not 'in the market', but it's not
likely to crash your machine, and it will give you the info you need.
why not give it a try? if you need something it doesnt currently do,
write a patch or let us (guy or me) know and we'll write it. show me a
commercial product with this kind of support...
--
mulix
http://www.advogato.com/person/mulix
http://www.sf.net/projects/syscalltrack
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il