On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
Hello!
Is it possible to set up file and folder access auditing on SuSE 9.2 or later (10.0)? If so, how would one do that?
I have some sensitive information now on SuSE 9.2 (that might be updated to 10.X) and I'm looking for something similar to what I had in Windows. I want to have a log somewhere that would indicate who has used or tried to use the sensitive information.
10.0 has the beginnings of the upstream audit system, in the "audit" package, 10.1 has a bit further developed one. I am not sure it can audit to the full extend you need. 9.1 / SLES 9 has a EAL4+/CAPP capable audit system doing all you might want ... For 10.1 / SLES 10 this is planned too. (Look for "audit watches".) Ciao, Marcus