Date:      Thu, 21 Apr 2011 17:53:04 +0400
From:      Artem Kuchin <matrix@itlegion.ru>
To:        questions@freebsd.org
Subject:   Security monitoring all file changes
Message-ID:  <4DB036C0.3020203@itlegion.ru>

Hello!

We are running hosting servers and I think we need to monitor and log
all changes in filesystems (ftp log is written already, but
we give shell access and also files can be changed by scripts), so, when
a client asks when the file/directory
was changed or deleted and by whom, we can answer that question.

In what direction should I look? Is Audit the thing for it?

The problem with the whole idea is that I don't want to hog the raid
with a huge log of what happened to the files
every nanosecond.

For example, a file is opened, written 1000 times with write() and then
closed. I don't want to get 1000 lines
in the log. Something like:

opened for write
write repeated 1000 times (just one line with repetition counter)
closed

would be nice, but if not possible, then just open and closed logged,
w/o write. Better than nothing.
Or maybe it can be a very optimized binary log.
I have no idea what I am writing about :)

Thanks in advance!

Best regards,
Artem


--
Best regards,
Artem Kuchin
"IT Legion" company
www.itlegion.ru
www.hostilla.ru
+7 (495) 232-0338
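
The compact log format asked for above (one counted line instead of 1000 write lines), as an added example that is not part of the original message. The event tuple layout, the function name coalesce and the sample data are assumptions made for illustration; this is not FreeBSD audit's record format.

```python
# Constructed sample events (not real audit output): (time, user, pid, fd, op, path).
# Two users' activity is interleaved, so writes cannot be merged just by adjacency.
SAMPLE_EVENTS = (
    [(1, "alice", 100, 3, "open", "/home/alice/www/index.php")]
    + [(t, "alice", 100, 3, "write", None) for t in range(2, 502)]
    + [(502, "bob", 200, 4, "open", "/home/bob/data.db"),
       (503, "bob", 200, 4, "write", None)]
    + [(t, "alice", 100, 3, "write", None) for t in range(504, 1004)]
    + [(1004, "alice", 100, 3, "close", None),
       (1005, "bob", 200, None, "unlink", "/home/bob/old.txt")]
)

def coalesce(events):
    """Collapse per-write() events into one counted line per open file."""
    open_files = {}  # (pid, fd) -> state of a file currently open for write
    lines = []

    def flush(pid, st, note=""):
        if st["writes"]:
            lines.append(f"{st['last']} {st['user']} pid={pid} write repeated "
                         f"{st['writes']} times {st['path']}{note}")

    for ts, user, pid, fd, op, path in events:
        key = (pid, fd)
        if op == "open":
            open_files[key] = {"user": user, "path": path, "writes": 0, "last": ts}
            lines.append(f"{ts} {user} pid={pid} opened for write {path}")
        elif op == "write":
            # A write whose open was never seen (logging started late) still counts.
            st = open_files.setdefault(
                key, {"user": user, "path": "<unknown>", "writes": 0, "last": ts})
            st["writes"] += 1
            st["last"] = ts
        elif op == "close":
            st = open_files.pop(key, None)
            if st is not None:
                flush(pid, st)
                lines.append(f"{ts} {user} pid={pid} closed {st['path']}")
        elif op == "unlink":
            lines.append(f"{ts} {user} pid={pid} deleted {path}")
    # Files still open when the input ends: emit their counters so nothing is lost.
    for (pid, _fd), st in open_files.items():
        flush(pid, st, " (still open)")
    return lines

if __name__ == "__main__":
    print("\n".join(coalesce(SAMPLE_EVENTS)))
```

The 1003 input events reduce to six log lines, each still carrying the user and process responsible.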




