
List:       linux-kernel
Subject:    auditing subsystem
From:       Russell Miller <rmiller () duskglow ! com>
Date:       2005-03-04 6:18:11
Message-ID: 200503032218.12062.rmiller () duskglow ! com

I've been doing a lot of research on this, and I keep coming up with things 
that don't work, have been abandoned, or are almost impossible to find or get 
working.  So I'll ask here.  Maybe one of the ultra-enlightened linux gods 
will have a ready answer.

I want to be able to audit system calls - I want to log when files are opened, 
created, changed, deleted, etc.  Preferably I would like to do it without 
having to apply kernel patches, using vanilla (or close to vanilla) kernel.  
If this isn't possible, my next preference is to use a module.  If this isn't 
possible, well, I'll do what I have to.

I notice there is a CONFIG_AUDIT option.  Is this what I am looking for, and 
how do I use it?  /dev/audit seems not to work...

Thanks.  If you can even point me to a suitable FM to R, I'd be content.

--Russell

-- 

Russell Miller - rmiller@duskglow.com - Agoura, CA