logging failed access to security objects
I am trying to log all failed access to security objects. I currently have process accounting turned on so I see all commands run but that doesn't tell me success or failure of the command. I currently log all logins (successful and unsuccessful) but I can't find anywhere that the system logs failed access to security objects. For example if someone who isn't authorized tries to read or copy my /etc/shadow file or my log files. I have it set up so my system denies them access but I can't figure out how to make it log that someone tried to access them and was denied. I googled for various forms of this but haven't found anything yet. Anyone know??
|
I can't find anywhere that the system logs failed access to security objects. For example if someone who isn't authorized tries to read or copy my /etc/shadow file or my log files. I have it set up so my system denies them access but I can't figure out how to make it log that someone tried to access them and was denied.
Have a look at GRSecurity, it's ACL and audit functionality. |
All times are GMT -5. The time now is 12:04 PM. |