[Gllug] Auditing file access [Was: Securing XP]

Caparo caparo at saltmine.org.uk
Mon Apr 4 14:02:50 UTC 2005




On Monday 04 April 2005 2:25, Bruce Richardson wrote:
> On Mon, Apr 04, 2005 at 10:31:52AM +0100, Simon wrote:
> > On Mon, 2005-04-04 at 10:01 +0100, John Southern wrote:
> > > Still, installing a virus is the least of your worries. What happens
> > > if some twisted student with a grudge uploaded pr0n onto your machine
> > > and then complained you were showing it around school?
> > > Is there an audit trail available in XP to prove you do not do things?
> >
> > Got me thinking about how to do that on Linux - how do you audit
> > successful or unsuccessful file access on Linux?
>
> You can monitor what remote users do via the network application (e.g.
> Samba) that is granting them access.  For local users, you could
> possibly make use of FAM.
>
> Description: File Alteration Monitor
>
> FAM monitors files and directories, notifying interested applications of
> changes.
>
> This package provides a server that can monitor a given list of files
> and notify applications through a socket. If the kernel supports dnotify
> (kernels >= 2.4.x) FAM is notified directly by the kernel. Otherwise it
> has to poll the files' status. FAM can also provide a RPC service for
> monitoring remote files (such as on a mounted NFS filesystem).

Hi,
 You could use AIDE, which will monitor file activity and any file changes,
additions etc. and will send you an email about such activity.
 Caparo
-- 
TTFN
Caparo
http://www.saltmine.org.uk
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug