Security monitoring all file changes

Artem Kuchin matrix at itlegion.ru
Thu Apr 21 14:19:58 UTC 2011


Hello!

We are running hosting servers and I think we need to monitor and log
all changes in filesystems (ftp log is written already, but
we give shell access and also files can be changed by scripts), so, when 
a client asks when the file/directory
was changed or deleted and by whom we can answer that question.

In what direction should I look? Is Audit the thing for it?

The problem with the whole idea is that I don't want to hog the RAID
with a huge log of what happened to the files
every nanosecond.

For example, a file is opened, written 1000 times with write() and then
closed. I don't want to get 1000 lines
in the log. Something like:

opened for write
write repeated 1000 times (just one line with repetition counter)
closed

would be nice, but if not possible, then just open and closed logged,
w/o write. Better than nothing.
Or maybe it can be a very optimized binary log.
I have no idea what I am writing about :)

Thanks in advance!

Best regards,
Artem


-- 
Best regards,
Artem Kuchin
"IT Legion" Company
www.itlegion.ru
www.hostilla.ru
+7 (495) 232-0338




More information about the freebsd-questions mailing list