[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux Audit trail



On 2001 September? 30 ,Sunday 17:34, you wrote:

> come on guys, it's a POSIX.1e feature. Novell had it for years, NT
> has it, Solaris has it, how can it be that linux doesn't!??

Well, it seems there is a kernel component which is supposed to do 
the auditing, called "kernel auditing facility". This I found here 
(look under Auditing):

 <http://www.linuxsecurity.com/resource_files/server_security/linux-pr
ivs/linux-privs.html>

And I got there from freshmeat, which offers a daemon to read the 
audit data from /proc/audit

I hope this helps you a bit more.

Herouth

PS, according to the above document, the POSIX standard merely states 
what the audit trail should look like, not that an audit is a part of 
the POSIX standard.


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il