[Gllug] stat'ing a file shows it was changed today and yet it has the date of a few days ago
Nix
nix at esperi.org.uk
Tue Jun 21 09:16:55 UTC 2011
On 21 Jun 2011, John Edwards said:
> There is a strange little hack called snoopy, which a preload shared
> library that wraps calls to execve() and effectively allows you to
> log all commands being run on a machine:
> http://sourceforge.net/projects/snoopylogger/
If you actually want to do this globally, it makes more sense to hack an
appropriate auditing call directly into the kernel. But that's a bit
trickier, perhaps.
--
NULL && (void)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list