[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: File watch on group



On Wednesday 18 July 2007 05:46:40 pm Ameel Kamboh wrote:
> I would like to put a watch on a file for rwxa for a
> File being accessed by someone who is not in the same group as the file.
>
> Can this be done using an audit rule?

On RHEL5 or 2.6.19 or higher:

auditctl -a exit,always -S all -F perm=rwxa -F gid!=root 
 -F path=/etc/localtime -k gid-rule

and to see results:

ausearch --start today -k gid-rule

The only limitation is that you need to know the group beforehand.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]