
Re: [suse-security] File and folder access auditing, how?


On 2/2/06, Marcus Meissner <meissner@xxxxxxx> wrote:
> On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
> > Hello!
> >
> > Is it possible to set up file and folder access auditing on SuSE 9.2
> > or later (10.0)?
> > If so, how would one do that?
> >
> > I have some sensitive information now on SuSE 9.2 (that might be
> > updated to 10.X) and I'm looking for something similar to what I had
> > in Windows. I want to have a log somewhere that would indicate who has
> > used or tried to use the sensitive information.
> 10.0 has the beginnings of the upstream audit system, in the "audit"
> package, 10.1 has a bit further developed one.

I have 10.0 installed on my home computer, so I will have to take a look.
But I take it that 9.2 doesn't have anything?

Perhaps a different thing, but I just heard from another source that I
should look at SELinux... is that included with Pro 9.2 or the latter?
And does that somehow relate to file access auditing?

> I am not sure it can audit to the full extent you need.

I'm not looking into very complex auditing. Almost any auditing would
be enough. It's more of something that needs to be implemented than
something that is crucial (currently I trust the users and the access
rights :-). But I do need to have some auditing on the file level too.

> 9.1 / SLES 9 has an EAL4+/CAPP capable audit system doing all you might
> want ... For 10.1 / SLES 10 this is planned too.

Unfortunately we are running the Pro 9.2 and are looking to upgrade
to 10.X (probably wait for the 10.1). I do not think we are going for
SLES... rather we might go for the OSS. Although, if no auditing can
be done there, then I will propose SLES. It's just that we are used to
the Pro and how it works and all that... I do not think we want to

> (Look for "audit watches".)

I will.

