From: Amon Ott <ao@rsbac.org>
Subject: Re: file access auditing
Date: Tue, 10 Jul 2001 17:57:26 +0200
Next Article (by Subject): Re: file access auditing johnston@megaepic.com
Previous Article (by Subject): file access auditing johnston@megaepic.com
Top of Thread: file access auditing johnston@megaepic.com
Next in Thread: Re: file access auditing johnston@megaepic.com
Articles sorted by: [Date]
[Author]
[Subject]
On Die, 10 Jul 2001 johnston@megaepic.com wrote: > I've heard suggestions that RSBAC can be used to audit file accesses. I'd > like to do this. Is there a howto that covers it? I'd like to audit, for > instance, all open as write to /etc/passwd. Is that possible? Please read the logging document at http://www.rsbac.org/logging.htm. It is simple to let all write accesses be logged with individual object logging. As secoff, try running rsbac_fd_menu /etc/passwd and pressing return on log_array_low. At the logging source, e.g. via syslogd or from /proc/rsbac-info/rmsg, you can grep all logged data. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: file access auditing johnston@megaepic.com
Previous Article (by Subject): file access auditing johnston@megaepic.com
Top of Thread: file access auditing johnston@megaepic.com
Next in Thread: Re: file access auditing johnston@megaepic.com
Articles sorted by: [Date]
[Author]
[Subject]