Date: Thu, 21 Apr 2011 17:53:04 +0400
From: Artem Kuchin <matrix@itlegion.ru>
To: questions@freebsd.org
Subject: Security monitoring all file changes
Message-ID: <4DB036C0.3020203@itlegion.ru>

Hello!

We are running hosting servers and I think we need to monitor and log all changes in filesystems (ftp log is written already, but we give shell access and also files can be changed by scripts), so that when a client asks when the file/directory was changed or deleted and by whom, we can answer that question.

In what direction should I look? Is Audit the thing for it?

The problem with the whole idea is that I don't want to hog the RAID with a huge log of what happened to the files every nanosecond. For example, a file is opened, written 1000 times with write() and then closed. I don't want to get 1000 lines in the log. Something like:

opened for write
write repeated 1000 times (just one line with repetition counter)
closed

would be nice, but if not possible, then just open and closed logged, w/o write. Better than nothing. Or maybe it can be a very optimized binary log.

I have no idea what I am writing about :)

Thanks in advance!

Best regards,
Artem

--
Best regards, Artem Kuchin
"IT Legion" company
www.itlegion.ru
www.hostilla.ru
+7 (495) 232-0338
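
The log shape asked for in the message above (open, one write line with a repetition counter, close), shown as an added example that is not part of the original e-mail: a post-processing pass that collapses per-call events. The input record format, uids, pids and paths are constructed for illustration and are not the output of FreeBSD Audit or any other real tool.

```python
# Added example: collapse per-call file events into open / write xN / close.
# The event format is an assumption made for this sketch, not a real tool's output.

# Constructed sample records: "epoch uid pid op path"
SAMPLE = """\
1303394000 1001 412 open_w /home/c1/www/index.php
1303394000 1001 412 write /home/c1/www/index.php
1303394001 1001 412 write /home/c1/www/index.php
1303394001 1002 977 open_w /home/c2/www/a.txt
1303394001 1001 412 write /home/c1/www/index.php
1303394002 1001 412 close /home/c1/www/index.php
1303394003 1002 977 write /home/c2/www/a.txt
1303394004 1002 977 unlink /home/c2/www/old.txt
"""

def coalesce(lines):
    """Return summary lines; writes are counted per (pid, path) session."""
    out = []
    sessions = {}  # (pid, path) -> [uid, session_start_ts, last_write_ts, count]

    def flush(key, note=""):
        uid, first, last, count = sessions.pop(key)
        if count:  # an open with no writes produces no write line
            out.append(f"{first}-{last} uid={uid} pid={key[0]} write x{count} {key[1]}{note}")

    for line in lines:
        if not line.strip():
            continue
        ts, uid, pid, op, path = line.split(None, 4)
        key = (pid, path)
        if op == "write":
            # A write with no recorded open still starts a session.
            s = sessions.setdefault(key, [uid, ts, ts, 0])
            s[2] = ts
            s[3] += 1
            continue
        if key in sessions:   # close, reopen, or any other op on the same file
            flush(key)
        if op == "open_w":
            sessions[key] = [uid, ts, ts, 0]
        out.append(f"{ts} uid={uid} pid={pid} {op} {path}")
    for key in list(sessions):  # files still open when the input ended
        flush(key, " (still open)")
    return out

if __name__ == "__main__":
    print("\n".join(coalesce(SAMPLE.splitlines())))
```

Sessions are keyed on (pid, path), so interleaved writers do not merge into one counter, and a file that is never closed is still reported when the input ends.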