[clug] File system logging/auditing

psyex at netspace.net.au
Mon Oct 24 06:22:11 GMT 2005


Thanks for the replies.

'Snare' looks like it fits the ticket - nice one.

For broader security purposes, http://www.grsecurity.net/features.php could be
used (does auditing and more).

Cheers,
Damien


Quoting Red Phoenix <intersect at gmail.com>:

> Heya Damien,
> 
> 'Snare' might be the thing you're looking for. As the developer, I might be
> a bit biased, but it sounds right, based on your requirements.
> 
> Tripwire might be useful for you though, if all you want to do is detect
> whether a file has been changed. Unfortunately, it won't tell you whether a
> file has been accessed (or more to the point, if someone attempts access,
> and fails).
> 
> Snare's a required part of the US DoD/DISA Common Operating Environment, is
> used in quite a few govt departments and organisations, and is included in a
> few enterprise-focused distributions (eg: SGI Altix) by default.
> 
> We're hoping that the new audit subsystem in 2.6.12+ will take over most of
> the kernel-level functionality in Snare, but if you're running
> FC3/RHEL4/Debian Sarge/SuSE 9/SLES, or anything earlier than this, you might
> want to check Snare out.
> 
> Incidentally, we also have Snare agents for Windows/AIX/Irix/Tru64/Solaris
> and a whole bunch of others. All open source.
> 
> http://www.intersectalliance.com/projects/index.html for more info.
> 
> Regards,
> 
> Leigh.
> 
> 
> psyex at netspace.net.au wrote:
> > > Hi,
> > >
> > > Has anyone ever set up some way of logging/auditing file system events
> > > under Linux? If so, how did you achieve this?
> > >
> > > I know that Windows will log many events (such as date, time, user, and
> > > type of operation for reads, writes, stats, etc.) to the system log when
> > > the auditing capability is enabled. A similar function to this under
> > > Linux is what I'm after.
> > >
> > > Cheers,
> > > Damien
> > >
> > > ------------------------------------------------------------
> > > This email was sent from Netspace Webmail: http://www.netspace.net.au
> > >
> >
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
> >
> 