[Gllug] Auditing file access [Was: Securing XP]

John Hearns john.hearns at streamline-computing.com
Mon Apr 4 11:25:01 UTC 2005


On Mon, 2005-04-04 at 10:31 +0100, Simon Morris wrote:
> On Mon, 2005-04-04 at 10:01 +0100, John Southern wrote:
> 
> > Still, installing a virus is the least of your worries. What happens
> > if some twisted student with a grudge uploaded pr0n onto your machine
> > and then complained you were showing it around school?
> > Is there an audit trail available in XP to prove you do not do things?
> 
> Got me thinking about how to do that on Linux - how do you audit
> successful or unsuccessful file access on Linux?
> 


In addition to SELinux, you could also look at Dazuko 
http://www.dazuko.org/index.shtml

"This project provides a device driver allowing 3rd-party (userland)
applications to execute file access control. It was originally developed
by H+BEDV Datentechnik GmbH to allow on-access virus scanning. Other
uses include a file-access monitor/logger or external security
implementations. It operates by intercepting file access calls and
passing the file information to a 3rd-party application. The 3rd-party
application then has the opportunity to tell the device driver to allow
or deny the file access. The 3rd-party application also receives
information about the access event, such as accessed file, type of
access, process id, and user id."


-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



