[clue] file-system activity logging
Will Sterling
will.sterling at gmail.com
Mon Jan 9 10:48:32 MST 2012
Can you audit the file system on the NFS server instead of the client?
On Jan 9, 2012, at 10:44 AM, "David L. Willson" <DLWillson at thegeek.nu> wrote:
> audit / auditd / kernel auditing is definitely the most correct answer to my original question. I'd run into it during my mad Googling, but I had gotten the (false) impression that it only watched specific files.
>
> Now, I'm working on a follow-up question: Is there a way to hook the mounting of a file-system (or just nfs file systems). i.e.: What if the nfs resource I care about auditing gets mounted at an unexpected location after I've begun auditing?
>
> Ideally, I want to be able to confidently say that I've audited every file open attempt over nfs during a particular window of time.
>
> Google, google, read, study...
>
> David L. Willson
> Trainer, Engineer, Enthusiast
> RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP
> tel://720.333.LANS
> Freedom is better when you earn it. Learn Linux.
>
> ----- Original Message -----
>> David L. Willson wrote:
>>> Anyone got a strategy for recording every file open on a particular
>>> mount?
>>
>> fam or inotify-tools seem to do that sort of thing.
>>
>> Dave
>> _______________________________________________
>> clue mailing list: clue at cluedenver.org
>> For information, account preferences, or to unsubscribe see:
>> http://cluedenver.org/mailman/listinfo/clue
>>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
More information about the clue
mailing list