Directory structure auditing - a case

Michael C Thompson mcthomps at us.ibm.com
Thu Nov 17 21:58:42 UTC 2005





linux-audit-bounces at redhat.com wrote on 11/17/2005 02:22:15 PM:

>
> Amy and I talked about this briefly a week or so ago.  Her current
> patch will not support this functionality as-is but we think it is
> possible to develop a follow-up patch that supports watching individual
> directories.  It's probably not possible to audit an entire directory
> structure with a single watch but if one is willing to specify each
> directory to be audited, then we might be able to provide that
> capability.

Would it be possible to have a watch that instructs a parent to watch its
children? Perhaps that is what you are saying here... If so, that would
be a very reasonable action.

What is the limiting aspect that would not allow you to watch deeper than
just 1 set of children? Obviously, this could be set up with some kind of
script or automation on the user's behalf if it's not possible, but I can
see Mont's request being a very common one.

Mike

>
> -- ljk
>
>
> Steve Grubb wrote:
> > On Thursday 17 November 2005 12:05, Mont Rothstein wrote:
> >
> >>The number of files could be in the millions, far too many to add a rule
> >>for each file.
> >
> >
> > Amy, since the new file system audit code is using the inotify interface,
> > will this be possible?
> >
> > -Steve
> >
> > --
> > Linux-audit mailing list
> > Linux-audit at redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
> >
>