auditing subsystem
From: Russell Miller (rmiller_at_duskglow.com)
Date: 03/04/05
- Previous message: Jeff Garzik: "Re: [PATCH] trivial fix for 2.6.11 raid6 compilation on ppc w/ Altivec"
- Next in thread: Chris Wright: "Re: auditing subsystem"
- Reply: Chris Wright: "Re: auditing subsystem"
- Reply: Valdis.Kletnieks_at_vt.edu: "Re: auditing subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: linux-kernel@vger.kernel.org Date: Thu, 3 Mar 2005 22:18:11 -0800
I've been doing a lot of research on this, and I keep coming up with things
that don't work, have been abandoned, or are almost impossible to find or get
working. So I'll ask here. Maybe one of the ultra-elightened linux gods
will have a ready answer.
I want to be able to audit system calls - I want to log when files are opened,
created, changed, deleted, etc. Preferably I would like to do it without
having to apply kernel patches, using vanilla (or close to vanilla) kernel.
If this isn't possible, my net preference is to use a module. If this isn't
possible, well, I'll do what I have to.
I notice there is a CONFIG_AUDIT option. Is this what I am looking for, and
how do I use it? /dev/audit seems not to work...
Thanks. If you can even point me a suitable FM to R, I'd be content.
--Russell
-- Russell Miller - rmiller@duskglow.com - Agoura, CA - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Jeff Garzik: "Re: [PATCH] trivial fix for 2.6.11 raid6 compilation on ppc w/ Altivec"
- Next in thread: Chris Wright: "Re: auditing subsystem"
- Reply: Chris Wright: "Re: auditing subsystem"
- Reply: Valdis.Kletnieks_at_vt.edu: "Re: auditing subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
