[clug] File system logging/auditing
intersect at gmail.com
Thu Oct 20 06:21:26 GMT 2005
'Snare' might be the thing you're looking for. As the developer, I might be
a bit biased, but it sounds right, based on your requirements.
Tripwire might be useful for you though, if all you want to do is detect
whether a file has been changed. Unfortunately, it won't tell you whether a
file has been accessed (or more to the point, if someone attempts access,
Snare's a required part of the US DoD/DISA Common Operating Environment, is
used in quite many govt departments and organisations, and is included in a
few enterprise-focused distributions (eg: SGI Altix) by default.
We're hoping that the new audit subsystem in 2.6.12+ will take over most of
the kernel-level functionality in Snare, but if you're running
FC3/RHEL4/Debian Sarge/SuSE 9/SLES, or anything earlier than this, you might
want to check snare out.
Incidentally, we also have snare agents for a Windows/AIX/Irix/Tru64/Solaris
and a whole bunch of others. All open source.
http://www.intersectalliance.com/projects/index.html for more info.
psyex at netspace.net.au wrote:
> > Hi,
> > Has anyone ever set up some way of logging/auditing file system events
> > Linux? If so, how did you achieve this?
> > I know that Windows will log many events (such as date, time, user, and
> type of
> > operation for reads, writes, stats, etc.) to the system log when the
> > capability is enabled. A similar function to this under Linux is what
> I'm after.
> > Cheers,
> > Damien
> > ------------------------------------------------------------
> > This email was sent from Netspace Webmail: http://www.netspace.net.au
> linux mailing list
> linux at lists.samba.org
More information about the linux