[Gllug] stat'ing a file shows it was changed today and yet it has the date of a few days ago

Richard W.M. Jones rich at annexia.org
Wed Jun 22 09:52:19 UTC 2011


On Tue, Jun 21, 2011 at 10:16:55AM +0100, Nix wrote:
> On 21 Jun 2011, John Edwards said:
> > There is a strange little hack called snoopy, which is a preload shared
> > library that wraps calls to execve() and effectively allows you to
> > log all commands being run on a machine:
> > 	http://sourceforge.net/projects/snoopylogger/
> 
> If you actually want to do this globally, it makes more sense to hack an
> appropriate auditing call directly into the kernel. But that's a bit
> trickier, perhaps.

Just run the audit daemon, shirley?

http://linux.die.net/man/8/auditd
http://people.redhat.com/sgrubb/audit/

I'm told that some of our customers really use this to track every
tiny change to every file.

Rich.

-- 
Richard Jones
Red Hat
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
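
Added example, not part of the original thread: a small parser that rebuilds the commands run on a machine from auditd's log, pairing each EXECVE record with the SYSCALL record of the same event to show who ran it. The sample records are constructed, and the rule key `exec_log` and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of audit.log records (not taken from the thread). They
# assume a rule logging every execve() with the hypothetical key "exec_log",
# e.g. `auditctl -a always,exit -F arch=b64 -S execve -k exec_log`.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1308736339.101:412): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2307 auid=1000 uid=0 comm="touch" exe="/bin/touch" key="exec_log"
type=EXECVE msg=audit(1308736339.101:412): argc=4 a0="touch" a1="-d" a2=3320646179732061676F a3="/etc/motd"
type=CWD msg=audit(1308736339.101:412): cwd="/root"
type=SYSCALL msg=audit(1308736350.440:413): arch=c000003e syscall=59 success=yes exit=0 ppid=2400 pid=2411 auid=1001 uid=1001 comm="ls" exe="/bin/ls" key="exec_log"
type=EXECVE msg=audit(1308736350.440:413): argc=2 a0="ls" a1="-l"
'''

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted ones are hex-encoded by auditd
    when they contain spaces or other special characters."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. "(null)" or another non-hex token

def commands(log_text):
    """Return one dict per execve event: time, auid, uid, pid, exe, argv."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line))
        # Records of one event share the same (timestamp, serial) pair.
        ev = events.setdefault(m.groups(), {"time": float(m.group(1))})
        if fields.get("type") == "SYSCALL":
            # auid is the login uid; it survives su/sudo, unlike uid.
            ev.update(auid=fields.get("auid"), uid=fields.get("uid"),
                      pid=fields.get("pid"), exe=decode(fields.get("exe", "")))
        elif fields.get("type") == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields.get(f"a{i}", "")) for i in range(argc)]
    return [ev for ev in events.values() if "argv" in ev]

if __name__ == "__main__":
    for ev in commands(SAMPLE_LOG):
        print(ev["time"], "auid=%s uid=%s" % (ev["auid"], ev["uid"]), ev["argv"])
```

Very long arguments that auditd splits across several fields are not handled here and come back as empty strings.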



