[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Auditing filesystems for Linux?

On Thu, Oct 03, 2002 at 04:23:31PM -0400, Rechenberg, Andrew wrote:
> Does anyone know of any Linux-based filesystem that does file-level
> auditing and logs based on username?  Does ext2/3 do such auditing
> (stock or with patches)?  I would like a filesystem that can be told to
> audit and log file deletions and log the username that deleted the file
> (similar to auditing on NTFS).
> I know, I should be using file permissions to prevent this type of
> deletion from occurring, but in order for the database/application that
> we are running to operate correctly, file permissions have to be set
> -rw-rw-r--.  Since all files have those permissions, anyone in a
> particular group can write to a file and therefore can delete the file
> should they want to, or fat finger a command and delete it accidentally.
> I've Googled on this query, but have yet to find any relevant
> information.  Any help would be greatly appreciated.

I believe the Grsecurity kernel patch can be told to do that. See
http://www.grsecurity.net for more information.

-- Skylar Thompson (skylar attglobal net)
-- http://lizw090-016.resnet.wisc.edu/~skylar/, http://www.earlham.edu/~thompsk/

Attachment: pgp00003.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]