[Gllug] Auditable filesystems
John Hearns
john.hearns at cern.ch
Fri Aug 9 10:11:44 UTC 2002
On Fri, 2002-08-09 at 11:59, Matthew Kirkwood wrote:
> On Fri, 9 Aug 2002, Tethys wrote:
>
> You could do it with something like Janus, or subterfugue:
>
> * http://www.cs.berkeley.edu/~daw/janus/
> * http://subterfugue.org/
>
> though it'll be very slow (esp. as the Linux ptrace interface
> doesn't let you say "just trap these syscalls").
>
> There are a few kernel syscall auditing projects, though none
> seemed particularly clean or complete. Alan seems to be
> working on it:
>
> * http://www.linux.org.uk/diary/
>
> with particular (though dissatisfied) reference to SNARE:
>
> * http://www.intersectalliance.com/projects/Snare/
>
> Let me know if you play with any of these -- I have uses for
> such things myself.

Following Vince's suggestion a month or so ago, I installed Snare.
I found it easy to install, and useful.
On Gnome, you even get a menu item in 'utilities' to start up
the event logging window.
Give it a try!

I saw Alan Cox's remarks too - and I kinda took them more to mean
that the code would need work done before being officially integrated
into the kernel.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug