Security monitoring all file changes
Artem Kuchin
matrix at itlegion.ru
Thu Apr 21 14:19:58 UTC 2011
Hello!
We are running hosting servers and I think we need to monitor and log
all changes in filesystems (the ftp log is written already, but
we give shell access and also files can be changed by scripts), so when
a client asks when the file/directory
was changed or deleted and by whom, we can answer that question.
In what direction should I look? Is Audit the thing for it?
The problem with the whole idea is that I don't want to hog the raid
with a huge log of what happened to the files
every nanosecond.
For example, a file is opened, written 1000 times with write() and then
closed. I don't want to get 1000 lines
in the log. Something like:
opened for write
write repeated 1000 times (just one line with repetition counter)
closed
would be nice, but if not possible, then just open and closed logged,
w/o write. Better than nothing.
Or maybe it can be a very optimized binary log.
I have no idea what I am writing about :)
Thanks in advance!
Best regards,
Artem
--
Best regards,
Artem Kuchin
IT Legion company
www.itlegion.ru
www.hostilla.ru
+7 (495) 232-0338
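The log reduction asked for in the message above (one "opened" line, one counted "write repeated N times" line, one "closed" line) can be sketched as follows. This is an added example, not part of the original message and not tied to any real audit tool: the event tuple layout, the `open_w`/`write`/`close` operation names and the sample data are assumptions constructed for illustration.

```python
from collections import OrderedDict

# Constructed sample events: (time, user, pid, fd, op, path).
# This is NOT real audit output; the layout is assumed for the example.
SAMPLE = (
    [("14:19:58", "client1", 4021, 3, "open_w", "/home/client1/www/index.php")]
    + [("14:19:59", "client1", 4021, 3, "write", None)] * 1000
    + [("14:20:00", "client2", 4100, 5, "write", None),  # opened before monitoring began
       ("14:20:01", "client1", 4021, 3, "close", None)]
)


def _finish(pid, state, ts, label):
    """Emit the counted write line (if any) and the final state line."""
    user, path, count, last_write = state
    lines = []
    if count:
        lines.append(f"{last_write} {user} pid={pid} {path} write repeated {count} times")
    lines.append(f"{ts} {user} pid={pid} {path} {label}")
    return lines


def coalesce(events):
    """Collapse per-descriptor write() bursts into a single counted line."""
    open_files = OrderedDict()  # (pid, fd) -> [user, path, write_count, last_write_time]
    out = []
    for ts, user, pid, fd, op, path in events:
        key = (pid, fd)
        if op == "open_w":
            open_files[key] = [user, path, 0, ts]
            out.append(f"{ts} {user} pid={pid} {path} opened for write")
        elif op == "write":
            # A descriptor opened before monitoring began has no known path.
            state = open_files.setdefault(key, [user, "<unknown>", 0, ts])
            state[2] += 1
            state[3] = ts
        elif op == "close" and key in open_files:
            out.extend(_finish(pid, open_files.pop(key), ts, "closed"))
    # Descriptors still open at end of input: report their counts so no
    # write activity is silently dropped from the record.
    for (pid, _fd), state in open_files.items():
        out.extend(_finish(pid, state, state[3], "still open"))
    return out


if __name__ == "__main__":
    print("\n".join(coalesce(SAMPLE)))
```

The 1003 constructed input events reduce to five log lines, and the who/when/which-file answer for each descriptor is preserved.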
More information about the freebsd-questions mailing list