-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2015-01-20 16:41, Stefan Seyfried wrote:
Am 20.01.2015 um 15:01 schrieb Carlos E. R.:
On 2015-01-20 14:03, Stefan Seyfried wrote:
systemtap is one possibility to get the required information.
I agree.
I'm unfamiliar with that one, but apparmour is another. Do you know of a link that explains "systemtap"?
zypper in systemtap sytemtap-docs then go through /usr/share/doc/packages/systemtap/examples/
Beware: as any powerful tool, it is not for the faint of heart :) To actually use it, you also need the debuginfo matching your running kernel installed which needs quite some space:
Ok, then apparmor is far easier: nothing is required. I can dig out the details from my notes somewhere, or Cristian could tell it: it was actually his idea, years ago ;-) Now I have to do something else. Wait... I found the note: it was filled as apparmour instead of apparmor. +++—-—-—-—-—-—-—-—-—-—-—-—- try this: # auditctl -w /dev/null -p a # auditctl -e 1 and then watch the logs... if auditctl is not found, when you execute it as root, install package "audit" Date: Fri, 06 Mar 2009 12:04:21 -0300 From: Cristian Rodríguez <> —-—-—-—-—-—-—-—-—-—-—-—-++- The above will detect a change to /dev/null. Read the manual, the options are different depending on what type of change or access you want to detect. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlS+gLEACgkQtTMYHG2NR9UpSgCdGecNzQazG9GNdKDrdLhfewFg M5wAoILtWC1DWScXMjGYHxLTV94nB2wy =iSA2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org