Re: [audit] Upstream solution for auditing file system objects
From: Valdis . Kletnieks
Date: Fri Dec 10 2004 - 09:32:05 EST
On Fri, 10 Dec 2004 00:02:31 GMT, Timothy Chavez said:
> Over the last two months, I've been given the daunting task of
> implementing a feature by which an administrator can specify from user
> space, a list of file system objects (namely regular files and
> directories) that he/she wishes to audit.
One *big* question that you don't address at all in your mail:
Do you need *real time* tracking of changes/etc, in which case inotify or
something based on it are probably an approach to follow (note that I don't
think inotify currently deals with read-only access to a file).
Or do you not care about real-time tracking, but have a requirement to be
able to go back and say "Oh, at 9:03:38.99342 last Tuesday, user XYZ
tried to open this file" - if that's what you want, you probably want to
look at the audit subsystem and its support for syscall auditing.
Attachment:
pgp00000.pgp
Description: PGP signature