Hi All,

Currently we are using Samba to access our share point on Linux server via a
Windows workgroup. SELinux is enabled and everything works fine.

What I would like is a log file of all the files accessed. If the log file
logs IP address, user and application that would be great, however just a log
of which files were accessed and a date/time stamp would be ample.

I've searched all over the net and can't find a simple "How To" using SELinux
to allow for logging all file activity, in fact I can't find anything.

Many thanks for any help anyone is able to offer. I'm absolutely sure someone
has tackled this issue and it may be as simple as starting up the right
service.

Version of Linux: Fedora Core 5 straight out of the box.

Regards,
George Shafik
b0uncer[~]$ whatis lsof
lsof (8) - list open files
b0uncer[~]$
..that explains one possible way. Though I'm not saying it's practical in any way for a long period watching, but..that's a start. lsof shows which files are open, read
I don't know how to do this with SELinux, but you can try something like this for a more portable version that won't give you username/IP addresses information:
This will give you a list of all files modified in the past 24 hours. Check out the man pages for find to see all of the options for time and date ranges if you would rather keep logs every hour, every three hours, etc.
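An added example (not part of the original posts, and not the poster's own command): a find-based snapshot of recently modified files along the lines the reply above describes. It assumes GNU findutils; the function names and the paths in the usage comment are hypothetical, and it records modification times only, not reads, client IP addresses or applications.

```shell
#!/bin/sh
# Added example: timestamped snapshot of recently modified files.
# Assumes GNU find (-mmin, -printf). File names containing newlines
# would break the one-line-per-file format.

# list_recent DIR MINUTES
# Print "<mtime> <owner> <path>" for every regular file under DIR
# whose content was modified less than MINUTES minutes ago.
list_recent() {
    dir=$1
    minutes=$2
    case $minutes in
        ''|*[!0-9]*)
            echo "list_recent: MINUTES must be a whole number" >&2
            return 2 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "list_recent: not a directory: $dir" >&2
        return 2
    fi
    # -xdev keeps the scan on the filesystem that holds DIR.
    find "$dir" -xdev -type f -mmin "-$minutes" \
        -printf '%TY-%Tm-%Td %TH:%TM %u %p\n' 2>/dev/null | sort
}

# append_snapshot DIR MINUTES LOGFILE
# Append one header line plus the current listing to LOGFILE, so that
# successive runs (for example from cron) build up a history.
# Keep LOGFILE outside DIR, or the log will list itself.
append_snapshot() {
    out=$(list_recent "$1" "$2") || return $?
    {
        printf '# snapshot %s window=%sm dir=%s\n' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$2" "$1"
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
        fi
    } >> "$3"
}

# Hypothetical usage, once an hour:
#   append_snapshot /srv/share 60 /var/log/share-modified.log
```

Use 1440 as the window for the 24-hour listing mentioned above, or 60 and 180 for hourly and three-hourly runs.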