OK, I checked out grsecurity and it can audit file accesses if they are disallowed by ACL's, but it cannot log accesses if the permissions allow them. Does anyone know of any other kernel patches that allow auditing and logging individual file-level access? Thanks again, for everyone's help. Andy. -----Original Message----- From: Skylar Thompson [mailto:skylar@attglobal.net] Sent: Thursday, October 03, 2002 6:35 PM To: ext3-users@redhat.com Subject: Re: Auditing filesystems for Linux? On Thu, Oct 03, 2002 at 04:23:31PM -0400, Rechenberg, Andrew wrote: > > Does anyone know of any Linux-based filesystem that does file-level > auditing and logs based on username? Does ext2/3 do such auditing > (stock or with patches)? I would like a filesystem that can be told to > audit and log file deletions and log the username that deleted the file > (similar to auditing on NTFS). > > I know, I should be using file permissions to prevent this type of > deletion from occurring, but in order for the database/application that > we are running to operate correctly, file permissions have to be set > -rw-rw-r--. Since all files have those permissions, anyone in a > particular group can write to a file and therefore can delete the file > should they want to, or fat finger a command and delete it accidentally. > > I've Googled on this query, but have yet to find any relevant > information. Any help would be greatly appreciated. I believe the Grsecurity kernel patch can be told to do that. See http://www.grsecurity.net for more information. -- -- Skylar Thompson (skylar@attglobal.net) -- http://lizw090-016.resnet.wisc.edu/~skylar/, http://www.earlham.edu/~thompsk/ _______________________________________________ Ext3-users@redhat.com https://listman.redhat.com/mailman/listinfo/ext3-users
