Re: file access auditing


From: Amon Ott <ao@rsbac.org>
Subject: Re: file access auditing
Date: Tue, 10 Jul 2001 17:57:26 +0200

Next Article (by Subject): Re: file access auditing johnston@megaepic.com
Previous Article (by Subject): file access auditing johnston@megaepic.com
Top of Thread: file access auditing johnston@megaepic.com
Next in Thread: Re: file access auditing johnston@megaepic.com
Articles sorted by: [Date] [Author] [Subject]


On Die, 10 Jul 2001 johnston@megaepic.com wrote:
> I've heard suggestions that RSBAC can be used to audit file accesses. I'd
> like to do this. Is there a howto that covers it? I'd like to audit, for
> instance, all open as write to /etc/passwd. Is that possible?

Please read the logging document at http://www.rsbac.org/logging.htm.

It is simple to let all write accesses be logged with individual object
logging. As secoff, try running
rsbac_fd_menu /etc/passwd
and pressing return on log_array_low.

At the logging source, e.g. via syslogd or from /proc/rsbac-info/rmsg,
you can grep all logged data.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: file access auditing johnston@megaepic.com
Previous Article (by Subject): file access auditing johnston@megaepic.com
Top of Thread: file access auditing johnston@megaepic.com
Next in Thread: Re: file access auditing johnston@megaepic.com
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.