Mailinglist Archive: opensuse-security (81 mails)

< Previous Next >
Re: [suse-security] File and folder access auditing, how?
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Thu, 2 Feb 2006 10:45:39 +0100
  • Message-id: <20060202094539.GC16793@xxxxxxx>
On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
> Hello!

Hello.


> Is it possible to set up file and folder access auditing on SuSE 9.2
> or later (10.0)?
> If so, how would one do that?
>
> I have some sensitive information now on SuSE 9.2 (that might be
> updated to 10.X) and I'm looking for something similar to what I had
> in Windows. I want to have a log somewhere that would indicate who has
> used or tried to use the sensitive information.


SLES8 (+SP) and SLES9 are CAPP EAL certified and provide
the Linux Audit Subsystem (LAuS). This system can be used
monitor file access.
The LAuS also runs on SL 8.1 and 9.1 and is available as
source from ftp://ftp.suse.com/pub/projects/security/laus/ .

In SL 10.0 we have the Lightweight Audit Framework (LAF) from
kernel mainline code. It is not as complete as LAuS and the
"watches" (monitor filesystem objects) only exist in the documentation,
unfortunately.


> --
> HG.

--
Bye,
Thomas
--
Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing
--

The sun comes up just about as often as it goes down,
in the long run, but this doesn't make its motion random.
-- Donald E. Knuth


< Previous Next >
References