Re: [audit] Upstream solution for auditing file system objects

From: Valdis . Kletnieks
Date: Fri Dec 10 2004 - 09:32:05 EST

Next message: Josh Boyer: "Re: [RFC PATCH] debugfs - yet another in-kernel file system"
Previous message: David Howells: "Re: [PATCH 4/5] NOMMU: Make POSIX shmem work on ramfs-backed files"
In reply to: Paul Rolland: "Re: [audit] Upstream solution for auditing file system objects"
Next in thread: Timothy Chavez: "Re: [audit] Upstream solution for auditing file system objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 10 Dec 2004 00:02:31 GMT, Timothy Chavez said:

> Over the last two months, I've been given the daunting task of
> implementing a feature by which an administrator can specify from user
> space, a list of file system objects (namely regular files and
> directories) that he/she wishes to audit.

One *big* question that you don't address at all in your mail:

Do you need *real time* tracking of changes/etc, in which case inotify or
something based on it are probably an approach to follow (note that I don't
think inotify currently deals with read-only access to a file).

Or do you not care about real-time tracking, but have a requirement to be
able to go back and say "Oh, at 9:03:38.99342 last Tuesday, user XYZ
tried to open this file" - if that's what you want, you probably want to
look at the audit subsystem and its support for syscall auditing.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Josh Boyer: "Re: [RFC PATCH] debugfs - yet another in-kernel file system"
Previous message: David Howells: "Re: [PATCH 4/5] NOMMU: Make POSIX shmem work on ramfs-backed files"
In reply to: Paul Rolland: "Re: [audit] Upstream solution for auditing file system objects"
Next in thread: Timothy Chavez: "Re: [audit] Upstream solution for auditing file system objects"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]