09-24-2006, 08:58 AM
#1
LQ Newbie
Registered: Sep 2006
Posts: 2
track file access on linux
Hi All,

Currently we are using Samba to access our share point on a Linux server via a Windows workgroup. SELinux is enabled and everything works fine.

What I would like is a log file of all the files accessed. If the log file logs IP address, user and application that would be great; however, just a log of which files were accessed and a date/time stamp would be ample.

I've searched all over the net and can't find a simple "How To" using SELinux to allow for logging all file activity; in fact I can't find anything.

Many thanks for any help anyone is able to offer. I'm absolutely sure someone has tackled this issue and it may be as simple as starting up the right service.

Version of Linux: Fedora Core 5 straight out the box.

Regards,
George Shafik

09-24-2006, 09:17 AM
#2
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131
Code:
b0uncer[~]$ whatis lsof
lsof (8) - list open files
b0uncer[~]$
...that explains one possible way. Though I'm not saying it's practical in any way for a long period of watching, but... that's a start. lsof shows which files are open; read for more information.
P.S. I'm sure somebody has a way better way...

09-24-2006, 10:38 AM
#3
Member
Registered: Mar 2006
Distribution: RHEL, Fedora, Ubuntu
Posts: 32
I don't know how to do this with SELinux, but you can try something like this for a more portable version that won't give you username/IP address information:
find /samba/share/point -mtime 0 -print0 | xargs -0 ls -al > access_log
This will give you a list of all files modified in the past 24 hours. Check out the man pages for find to see all of the options for time and date ranges if you would rather keep logs every hour, every three hours, etc.
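
The hourly variant mentioned in the post above, as an added example that is not part of the original thread. It assumes GNU find (for -printf); the function names list_recent and snapshot and the paths in the usage comment are hypothetical. It also goes one step beyond the post by listing access times (-amin) next to modification times (-mmin).

```shell
#!/bin/sh
# Added example (constructed, not from the thread). Requires GNU find.
#
# list_recent DIR MINUTES KIND
#   KIND=m : files whose content was modified in the last MINUTES (find -mmin)
#   KIND=a : files whose access time changed in the last MINUTES (find -amin)
# Output, tab separated: <timestamp> <event> <file owner> <path>
#
# Caveats:
#  - %u is the file's owner, not the user who touched it; this approach
#    cannot report client user or IP address.
#  - atime is only meaningful if the filesystem is not mounted noatime;
#    with relatime it is refreshed at most about once a day unless the
#    file was modified since the last access.
#  - File names containing tabs or newlines will break the one-line format.
list_recent() {
    dir=$1; minutes=$2; kind=$3
    case $kind in
        m) find "$dir" -type f -mmin "-$minutes" \
               -printf '%TY-%Tm-%Td %TH:%TM\tmodified\t%u\t%p\n' ;;
        a) find "$dir" -type f -amin "-$minutes" \
               -printf '%AY-%Am-%Ad %AH:%AM\taccessed\t%u\t%p\n' ;;
        *) echo "kind must be m or a" >&2; return 2 ;;
    esac
}

# snapshot DIR MINUTES LOGFILE
#   Append both views to LOGFILE. Keep LOGFILE outside DIR so the log
#   does not list itself.
snapshot() {
    { list_recent "$1" "$2" m; list_recent "$1" "$2" a; } | sort -u >> "$3"
}

# Hourly use from cron (hypothetical paths), after sourcing this file:
#   snapshot /samba/share/point 60 /var/log/share_access_log
```

Because each run only sees the latest timestamp per file, repeated reads or writes inside one interval appear as a single line.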

09-25-2006, 12:55 AM
#4
LQ Newbie
Registered: Sep 2006
Posts: 2
Original Poster
Many thanks "abegetchell" this will do the job.
Thanks for the quick response it is greatly appreciated.
Kind Regards,
George Shafik

All times are GMT -5.