
Re: [suse-security] File and folder access auditing, how?

On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
> Hello!


> Is it possible to set up file and folder access auditing on SuSE 9.2
> or later (10.0)?
> If so, how would one do that?
> I have some sensitive information now on SuSE 9.2 (that might be
> updated to 10.X) and I'm looking for something similar to what I had
> in Windows. I want to have a log somewhere that would indicate who has
> used or tried to use the sensitive information.

SLES8 (+SP) and SLES9 are CAPP EAL certified and provide
the Linux Audit Subsystem (LAuS). This system can be used
to monitor file access.
The LAuS also runs on SL 8.1 and 9.1 and is available as
source from ftp://ftp.suse.com/pub/projects/security/laus/ .

In SL 10.0 we have the Lightweight Audit Framework (LAF) from
kernel mainline code. It is not as complete as LAuS and the
"watches" (monitor filesystem objects) only exist in the documentation,

> --
> HG.

 Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing

  The sun comes up just about as often as it goes down,
  in the long run, but this doesn't make its motion random.
				-- Donald E. Knuth
