LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How do I log all changes to a portion of the filesystem?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-08-2004, 03:51 PM   #1
Ziv
LQ Newbie
 
Registered: May 2004
Location: WA
Distribution: RedHat 7.3/9/ES
Posts: 13

Rep: Reputation: 0
How do I log all changes to a portion of the filesystem?

I would like to set up a daemon or something that logs all changes to a certain part of the filesystem. I have a particular directory that is the main "storage" area for all the users who access the server.
What I would like to log is:
- The filename and path that was modified (modified = added, changed, deleted).
- When the change was made
- What user made the change

This would help track down accidental moves and or deletions.
It would also add a bit of auditing to see who is doing what where.

I know that ext3 is a journaling fs, but it sounds like the journal is only written for a particular operation and then once the transaction is complete, the journal entries are deleted. Is there a way to connect this to a archive of changes and tag it with the information I would like to store?

As always, any tips are greatly appreciated.

Ziv

Also, the users connect to the server via Samba from windows machines.
Last edited by Ziv; 07-08-2004 at 03:52 PM.
 
Old 07-12-2004, 05:06 PM   #2
Ztyx
Member
 
Registered: Dec 2001
Location: Stockholm, Sweden
Distribution: Ubuntu, Kubuntu and Debian
Posts: 338

Rep: Reputation: 30
I know tripwire can monitor file changes, perhaps you could configure it also to monitor directory changes?
 
Old 07-12-2004, 07:16 PM   #3
Ziv
LQ Newbie
 
Registered: May 2004
Location: WA
Distribution: RedHat 7.3/9/ES
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you I will check it out...
Tripwire sounds interesting. I will do a little research.

Is anyone here using it?
I could use some hints before I RTM.

Thanks,
Ziv
 
Old 07-12-2004, 08:59 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Tripwire works pretty well (though it has trouble compiling from source on some distros). Aide, samhain, afick are a few others. There are actuallly even more listed in the security references thread .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Only portion of screen used on ThinkPad tp600 Slackware 3 05-21-2005 08:08 PM
Nvidia. Tv-out. Right portion of screen missing. mooreted Mandriva 3 09-01-2004 10:09 PM
AIRFLO controller - digital portion mykrob Linux - Hardware 1 07-11-2004 08:10 AM
How to uncover the blocked portion of a window? gxie Linux - General 2 11-21-2003 10:50 AM
printer setup- router portion Brain Drop Linux - Hardware 0 08-21-2003 10:53 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:28 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration