At my place we don't use SELinux because we have a gazillion tonnes of
legacy software that just are not compatible with the default policies.
No one wants to go to the effort of working out everything that needs
changing.
We also use cfengine for central management. Which somestimes causes
a problem when CFe modifies a file that I don't want modified on my
machine.
So I want to be able to track when specific files were changed. My
obvious thought was "create an SELinux audit policy that can track
file changes, raise a log message", and we can monitor the logs.
At this point I'm at a loss.
Let's say I want to know when /local/app/my_app/etc/myfile.conf has been
modified; how would I do this?
Any ideas?
Failing that I guess I could use inotify, but I don't know how well this
would scale to 100s of files.
Thanks!
--
rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
