[Gllug] stat'ing a file shows it was changed today and yet it has the date of a few days ago
Nix
nix at esperi.org.uk
Wed Jun 22 10:46:36 UTC 2011
On 22 Jun 2011, Richard W. M. Jones verbalised:
> On Tue, Jun 21, 2011 at 10:16:55AM +0100, Nix wrote:
>> On 21 Jun 2011, John Edwards said:
>> > There is a strange little hack called snoopy, which a preload shared
>> > library that wraps calls to execve() and effectively allows you to
>> > log all commands being run on a machine:
>> > http://sourceforge.net/projects/snoopylogger/
>>
>> If you actually want to do this globally, it makes more sense to hack an
>> appropriate auditing call directly into the kernel. But that's a bit
>> trickier, perhaps.
>
> Just run the audit daemon, shirley?
Ah, it can do this already, can it? I wouldn't know: I've never felt the
need to run it.
> I'm told that some of our customers really use this to track every
> tiny change to every file.
I'm sure reviewing those logs is utterly fascinating.
--
NULL && (void)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list