[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Monitoring FS operations

On Tue, 2006-05-23 at 15:47 -0400, Kevin Strong wrote:

> THAT is what I'm looking for.  I'm assuming that there isn't anything 
> that's more production-ready than that.
> Thank you!

There are also some LSM based possibilities, although the LSM wasn't
intended to be used for quite this task. SELinux could potentially give
you an audit trail of what application did what and when via the audit
messages. Unfortunately it does everything based on the file label and
doesn't really care about the file path (it does log the device+inode

Another possibility is AppArmour http://en.opensuse.org/AppArmor . I
don't know if it is any more production ready or if it can be persuaded
to do what you want. It enforces a file access policy for any given
application based on file-path (so it must be tracking the file paths at
open time). 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]