LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   logging failed access to security objects (https://www.linuxquestions.org/questions/linux-security-4/logging-failed-access-to-security-objects-196773/)

tbeaton 06-23-2004 08:02 AM
logging failed access to security objects
 
I am trying to log all failed access to security objects. I currently have process accounting turned on so I see all commands run but that doesn't tell me success or failure of the command. I currently log all logins (successful and unsuccessful) but I can't find anywhere that the system logs failed access to security objects. For example if someone who isn't authorized tries to read or copy my /etc/shadow file or my log files. I have it set up so my system denies them access but I can't figure out how to make it log that someone tried to access them and was denied. I googled for various forms of this but haven't found anything yet. Anyone know??

unSpawn 06-24-2004 05:05 PM
I can't find anywhere that the system logs failed access to security objects. For example if someone who isn't authorized tries to read or copy my /etc/shadow file or my log files. I have it set up so my system denies them access but I can't figure out how to make it log that someone tried to access them and was denied.
Have a look at GRSecurity, it's ACL and audit functionality.


All times are GMT -5. The time now is 12:04 PM.