[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel
Subject: auditing subsystem
From: Russell Miller <rmiller () duskglow ! com>
Date: 2005-03-04 6:18:11
Message-ID: 200503032218.12062.rmiller () duskglow ! com
[Download RAW message or body]
I've been doing a lot of research on this, and I keep coming up with things
that don't work, have been abandoned, or are almost impossible to find or get
working. So I'll ask here. Maybe one of the ultra-elightened linux gods
will have a ready answer.
I want to be able to audit system calls - I want to log when files are opened,
created, changed, deleted, etc. Preferably I would like to do it without
having to apply kernel patches, using vanilla (or close to vanilla) kernel.
If this isn't possible, my net preference is to use a module. If this isn't
possible, well, I'll do what I have to.
I notice there is a CONFIG_AUDIT option. Is this what I am looking for, and
how do I use it? /dev/audit seems not to work...
Thanks. If you can even point me a suitable FM to R, I'd be content.
--Russell
--
Russell Miller - rmiller@duskglow.com - Agoura, CA
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic