I can't create true log file.

Steve Grubb sgrubb at redhat.com
Wed Mar 15 13:25:34 UTC 2006


On Wednesday 15 March 2006 04:29, Evren Kalayciklioglu wrote:
> What I want to do is this: when a user changes a file or
> its contents, the system makes a log file containing
> when it was done, who did it, which user did it.

Depending on the kernel you are using, audit can do this for you. What you are 
trying to do is called adding a watch. The RHEL4 kernel can do this. We are 
currently working to get a patch upstream that will allow all kernels to do 
this.

> Because I want the user name but it gives the user id,

They are one and the same. ausearch -i will interpret the numbers to names.

> I want the file name but it gives a number.

Huh?  The filename would be in a WATCH record or PATH record. It is sometimes 
encoded when a character is in the filename that is also used as a delimiter, 
but once again, ausearch will do the conversion.

> I also want to add printing jobs to this log file under the same conditions.

This would be difficult in the current utilities. One would need to patch cups 
for this...which is being done for our LSPP work. But it won't be available 
for a little while longer.

> On the other hand, I think I can't be successful with the configuration and
> rules files.

The capp.rules file has examples. Look for the "-w" lines, but once again, 
only the RHEL4 U2 and higher kernels can do this.

-Steve
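
Added example, not part of the original message and not code from the audit project: a small Python sketch of the interpretation that the reply attributes to ausearch -i, turning numeric uids into names and decoding a hex-encoded file name. The record layout is simplified, the sample lines and uid table are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed records in audit.log style (not from the post). The second
# PATH name contains a space, so it appears hex-encoded and unquoted.
SAMPLE = [
    'type=SYSCALL msg=audit(1142429134.123:456): syscall=5 success=yes '
    'pid=2345 auid=500 uid=500 comm="vi" exe="/bin/vi"',
    'type=PATH msg=audit(1142429134.123:456): name="/etc/hosts" inode=1234',
    'type=SYSCALL msg=audit(1142429140.500:457): syscall=5 success=yes '
    'pid=2350 auid=501 uid=0 comm="cp" exe="/bin/cp"',
    'type=PATH msg=audit(1142429140.500:457): '
    'name=2F746D702F6D79207265706F72742E747874 inode=1300',
]
# Constructed uid table standing in for the passwd database.
USERS = {"0": "root", "500": "alice", "501": "bob"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP = re.compile(r'audit\((\d+)\.\d+:(\d+)\)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def decode_name(raw):
    """Return the file name carried by a name= value."""
    if raw.startswith('"'):            # plain names are quoted
        return raw[1:-1]
    if HEX.fullmatch(raw):             # names with delimiter characters are hex
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw                         # anything else, e.g. (null), is kept

def interpret(lines, users):
    """Merge records that share an event serial into when/who/what rows."""
    events = {}
    for line in lines:
        stamp = STAMP.search(line)
        if not stamp:
            continue
        secs, serial = stamp.groups()
        when = datetime.fromtimestamp(int(secs), timezone.utc)
        ev = events.setdefault(serial, {"when": when.strftime("%Y-%m-%d %H:%M:%S")})
        f = dict(FIELD.findall(line))
        if f.get("type") == "SYSCALL":
            ev["user"] = users.get(f["uid"], f["uid"])          # effective user
            ev["login_user"] = users.get(f["auid"], f["auid"])  # who logged in
        elif f.get("type") in ("PATH", "WATCH") and "name" in f:
            ev["file"] = decode_name(f["name"])
    return [events[k] for k in sorted(events, key=int)]

if __name__ == "__main__":
    for row in interpret(SAMPLE, USERS):
        print(row)
```

The auid field is what answers "which user did it" when the change was made after switching to another account, as in the second constructed event.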



