[Gllug] Auditing file access [Was: Securing XP]
Bruce Richardson
itsbruce at uklinux.net
Mon Apr 4 20:50:24 UTC 2005
On Mon, Apr 04, 2005 at 03:02:50PM +0100, Caparo wrote:
> > This package provides a server that can monitor a given list of files
> > and notify applications through a socket. If the kernel supports dnotify
> > (kernels >= 2.4.x) FAM is notified directly by the kernel. Otherwise it
> > has to poll the files' status. FAM can also provide a RPC service for
> > monitoring remote files (such as on a mounted NFS filesystem).
>
> Hi,
> You could use AIDE which will monitor file activity and any file changes
> additions etc and will send you a email about such activity.
Last time I looked, AIDE would detect file changes in the sense that it
could find changes in files since the last time it ran. This is not the
same thing as logging accesses to files as they happen.
--
Bruce
It is impolite to tell a man who is carrying you on his shoulders that
his head smells.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20050404/4c489dfa/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list