Mailinglist Archive: opensuse-security (81 mails)

< Previous Next >
Re: [suse-security] File and folder access auditing, how?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Thu, 2 Feb 2006 10:42:08 +0100
  • Message-id: <20060202094208.GA2681@xxxxxxx>
On Thu, Feb 02, 2006 at 11:34:10AM +0200, HG wrote:
> Hello!
>
> Is it possible to set up file and folder access auditing on SuSE 9.2
> or later (10.0)?
> If so, how would one do that?
>
> I have some sensitive information now on SuSE 9.2 (that might be
> updated to 10.X) and I'm looking for something similar to what I had
> in Windows. I want to have a log somewhere that would indicate who has
> used or tried to use the sensitive information.

10.0 has the beginnings of the upstream audit system, in the "audit"
package, 10.1 has a bit further developed one.
I am not sure it can audit to the full extend you need.

9.1 / SLES 9 has a EAL4+/CAPP capable audit system doing all you might
want ... For 10.1 / SLES 10 this is planned too.

(Look for "audit watches".)

Ciao, Marcus

< Previous Next >
Follow Ups
References