[Gllug] Auditing file access [Was: Securing XP]
Bruce Richardson
itsbruce at uklinux.net
Mon Apr 4 13:25:48 UTC 2005
On Mon, Apr 04, 2005 at 10:31:52AM +0100, Simon wrote:
> On Mon, 2005-04-04 at 10:01 +0100, John Southern wrote:
>
> > Still, installing a virus is the least of your worries. What happens
> > if some
> > twisted student with a grudge uploaded pr0n onto your machine and then
> > complained you were showing it around school.
> > Is there an audit trail available in XP to prove you do not do things?
>
> Got me thinking about how to do that on Linux - how do you audit
> successful or unsuccessful file access on Linux?
You can monitor what remote users do via the network application (e.g.
Samba) that is granting them access. For local users, you could
possibley make use of FAM.
Description: File Alteration Monitor
FAM monitors files and directories, notifying interested applications of
changes.
This package provides a server that can monitor a given list of files
and notify applications through a socket. If the kernel supports dnotify
(kernels >= 2.4.x) FAM is notified directly by the kernel. Otherwise it
has to poll the files' status. FAM can also provide a RPC service for
monitoring remote files (such as on a mounted NFS filesystem).
--
Bruce
A problem shared brings the consolation that someone else is now
feeling as miserable as you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20050404/075d71ed/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list