[clue] file-system activity logging
David L. Willson
DLWillson at TheGeek.NU
Mon Jan 9 10:44:10 MST 2012
audit / auditd / kernel auditing is definitely the most correct answer to my original question. I'd run into it during my mad Googling, but I had gotten the (false) impression that it only watched specific files.
Now, I'm working on a follow-up question: Is there a way to hook the mounting of a file-system (or just nfs file systems). i.e.: What if the nfs resource I care about auditing gets mounted at an unexpected location after I've begun auditing?
Ideally, I want to be able to confidently say that I've audited every file open attempt over nfs during a particular window of time.
Google, google, read, study...
David L. Willson
Trainer, Engineer, Enthusiast
RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP
tel://720.333.LANS
Freedom is better when you earn it. Learn Linux.
----- Original Message -----
> David L. Willson wrote:
> > Anyone got a strategy for recording every file open on a particular
> > mount?
>
> fam or inotify-tools seem to do that sort of thing.
>
> Dave
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
More information about the clue
mailing list