On Thu, Oct 03, 2002 at 04:23:31PM -0400, Rechenberg, Andrew wrote:
>
> Does anyone know of any Linux-based filesystem that does file-level
> auditing and logs based on username? Does ext2/3 do such auditing
> (stock or with patches)? I would like a filesystem that can be told to
> audit and log file deletions and log the username that deleted the file
> (similar to auditing on NTFS).
>
> I know, I should be using file permissions to prevent this type of
> deletion from occurring, but in order for the database/application that
> we are running to operate correctly, file permissions have to be set
> -rw-rw-r--. Since all files have those permissions, anyone in a
> particular group can write to a file and therefore can delete the file
> should they want to, or fat finger a command and delete it accidentally.
>
> I've Googled on this query, but have yet to find any relevant
> information. Any help would be greatly appreciated.

I believe the Grsecurity kernel patch can be told to do that. See
http://www.grsecurity.net for more information.

--
-- Skylar Thompson (skylar@attglobal.net)
-- http://lizw090-016.resnet.wisc.edu/~skylar/, http://www.earlham.edu/~thompsk/