Auditing File Changes

[Steve Grubb]

On Monday 10 July 2006 18:09, eklinger at uci.edu wrote:
> The original idea was to prevent the user from opening the file in any
> text or hex editor and changing the file or the file's allowed operations,
> which would be stored in the file itself.

The access has already occured by the time the audit system tells you about 
it. You are simply too late. What you need its access control. The MCS 
capabilities in SE Linux/FC5 may help you. You can google for MCS.

-Steve