
RE: Auditing filesystems for Linux?



OK, I checked out grsecurity and it can audit file accesses if they are
disallowed by ACLs, but it cannot log accesses if the permissions allow
them.

Does anyone know of any other kernel patches that allow auditing and
logging individual file-level access?

Thanks again, for everyone's help.

Andy.

-----Original Message-----
From: Skylar Thompson [mailto:skylar attglobal net] 
Sent: Thursday, October 03, 2002 6:35 PM
To: ext3-users redhat com
Subject: Re: Auditing filesystems for Linux?


On Thu, Oct 03, 2002 at 04:23:31PM -0400, Rechenberg, Andrew wrote:
> 
> Does anyone know of any Linux-based filesystem that does file-level
> auditing and logs based on username?  Does ext2/3 do such auditing
> (stock or with patches)?  I would like a filesystem that can be told to
> audit and log file deletions and log the username that deleted the file
> (similar to auditing on NTFS).
> 
> I know, I should be using file permissions to prevent this type of
> deletion from occurring, but in order for the database/application that
> we are running to operate correctly, file permissions have to be set
> -rw-rw-r--.  Since all files have those permissions, anyone in a
> particular group can write to a file and therefore can delete the file
> should they want to, or fat finger a command and delete it accidentally.
> 
> I've Googled on this query, but have yet to find any relevant
> information.  Any help would be greatly appreciated.

I believe the Grsecurity kernel patch can be told to do that. See
http://www.grsecurity.net for more information.

-- 
-- Skylar Thompson (skylar attglobal net)
-- http://lizw090-016.resnet.wisc.edu/~skylar/, http://www.earlham.edu/~thompsk/




