Monitoring FS operations

Jon Burgess jburgess at uklinux.net
Tue May 23 20:23:18 UTC 2006


On Tue, 2006-05-23 at 15:47 -0400, Kevin Strong wrote:

> THAT is what I'm looking for.  I'm assuming that there isn't anything 
> that's more production-ready than that.
> 
> Thank you!

There are also some LSM-based possibilities, although the LSM wasn't
intended to be used for quite this task. SELinux could potentially give
you an audit trail of what application did what and when via the audit
messages. Unfortunately it does everything based on the file label and
doesn't really care about the file path (it does log the device+inode
though).

Another possibility is AppArmor http://en.opensuse.org/AppArmor . I
don't know if it is any more production ready or if it can be persuaded
to do what you want. It enforces a file access policy for any given
application based on file path (so it must be tracking the file paths at
open time).

	Jon
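
Added example, not part of the original message: a small parser that turns SELinux AVC audit records into a per-file trail keyed on device+inode, the identifier the message says is logged in place of the full path. The sample records, process names and SELinux types are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel's AVC message layout; not from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1148415798.101:41): avc:  denied  { write } for  pid=2210 comm="backupd" name="data.db" dev=hda3 ino=48211 scontext=system_u:system_r:backup_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1148415798.101:41): arch=40000003 syscall=5 success=no exit=-13 pid=2210 comm="backupd"
type=AVC msg=audit(1148415801.530:42): avc:  granted  { read } for  pid=2304 comm="report" name="data.db.old" dev=hda3 ino=48211 scontext=system_u:system_r:report_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1148415805.007:43): avc:  granted  { read append } for  pid=2311 comm="logger" name="messages" dev=hda1 ino=1207 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)\s+"
    r"\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    rec["ts"] = float(m.group("ts"))
    rec["result"] = m.group("result")
    rec["perms"] = tuple(m.group("perms").split())
    return rec


def trail_by_inode(log_text):
    """Group AVC events by (dev, ino); name= is only the last path component."""
    trail = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "dev" not in rec or "ino" not in rec:
            continue  # skip non-AVC lines and AVCs with no file target
        trail[(rec["dev"], int(rec["ino"]))].append(
            (rec["ts"], rec.get("comm"), rec.get("pid"), rec["result"],
             rec["perms"], rec.get("name"))
        )
    for events in trail.values():
        events.sort(key=lambda event: event[0])  # chronological order
    return dict(trail)


if __name__ == "__main__":
    for (dev, ino), events in trail_by_inode(SAMPLE_LOG).items():
        print(dev, ino, events)
```

Records marked `granted` are only emitted for permissions the policy covers with `auditallow` rules, so a complete trail depends on the policy, not just on the parser.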
