[Gllug] Auditing file access [Was: Securing XP]
Daniel P. Berrange
dan at berrange.com
Mon Apr 4 09:38:33 UTC 2005
On Mon, Apr 04, 2005 at 10:31:52AM +0100, Simon Morris wrote:
> On Mon, 2005-04-04 at 10:01 +0100, John Southern wrote:
>
> > Still, installing a virus is the least of your worries. What happens
> > if some
> > twisted student with a grudge uploaded pr0n onto your machine and then
> > complained you were showing it around school.
> > Is there an audit trail available in XP to prove you do not do things?
>
> Got me thinking about how to do that on Linux - how do you audit
> successful or unsuccessful file access on Linux?
With RHEL-3 / Suse you've got LAUS (Linux AUditing System), or with
RHEL-4 you've got similar audit capability integrated with SELinux.
These can capture and record any specified set of system calls...
Dan.
--
|=- GPG key: http://www.berrange.com/~dan/gpgkey.txt -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- berrange at redhat.com - Daniel Berrange - dan at berrange.com -=|
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list