[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Auditing File Changes



On Monday 10 July 2006 13:29, eklinger uci edu wrote:
> Please forgive me if this has been asked, but will the file watch
> functionality

We only go after an open command with write permission turned on. The case 
being that you can fill up your logs quickly by intercepting all writes.

> be able to intercept writes and/or be able to intercept the 
> actual changes to the file and report those, in addition to the fact that
> the file was modified? 

No, it will not. If you need to see actual changes, then you need to 
instrument the program in question to log changes. You can look at passwd or 
hwclock as an example of this.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]