Directory structure auditing - a case

Mont Rothstein mont.rothstein at gmail.com
Thu Nov 17 17:05:04 UTC 2005


It was suggested to me that readers of this list might be interested in
hearing our use case for directory structure auditing (auditing all of the
files below a directory). So here it is.

We write digital asset management (management of photos, sound files, video
files, etc.) software for law enforcement agencies.

These agencies are not only interested in whether a digital asset is
untouched (for which we assign a hash), but also in who has had access to
any given file and what they did with it (read, write, ...).

The number of files could be in the millions, far too many to add a rule for
each file.

Building a rule for each user is not only operationally undesirable, it would
also mean that if those users actually logged into the server, every file
they accessed would be logged, not just the files we care about.

We want/need to catch all access to the files in our directory structure,
including any management/administrative access; therefore we would like
*all* users' access to these files logged, not just a subset of common
(non-admin) users.

That is it. Not terribly complex.

If anyone has any questions I will do my best to answer them.

-Mont