On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
Hello!
Hello.
Is it possible to set up file and folder access auditing on SuSE 9.2 or later (10.0)? If so, how would one do that?
I have some sensitive information now on SuSE 9.2 (that might be updated to 10.X) and I'm looking for something similar to what I had in Windows. I want to have a log somewhere that would indicate who has used or tried to use the sensitive information.
SLES8 (+SP) and SLES9 are CAPP EAL certified and provide the Linux Audit Subsystem (LAuS). This system can be used monitor file access. The LAuS also runs on SL 8.1 and 9.1 and is available as source from ftp://ftp.suse.com/pub/projects/security/laus/ . In SL 10.0 we have the Lightweight Audit Framework (LAF) from kernel mainline code. It is not as complete as LAuS and the "watches" (monitor filesystem objects) only exist in the documentation, unfortunately.
-- HG.
--
Bye,
Thomas
--
Thomas Biege