CD Burner Auditing
Boyce, Kevin P. (AS)
kevin.boyce at ngc.com
Tue Apr 22 19:14:28 UTC 2014
Does anyone know if it is possible to audit what filenames users are
burning to optical media?
I suppose I can put a watch on the /dev/sr0 device for write events, but
this does not give me any idea what was written to the disc. I suppose
I could also set an execve watch all burner programs, eg. /usr/bin/k3b
/usr/bin/brasero /usr/bin/cdrecord /usr/bin/cdrdao /usr/bin/dvdrecord,
to know if someone opened the burning interface; but how could I tell
what it was they were writing?
Any suggestions are welcome.
Kevin
More information about the Linux-audit
mailing list