Corporate security policies are starting to require low-level event logging. For example, file access permission changes. One solution is to use SELinux, but our knowledge of this is sparse at best. Another is to replace the command with a proxy which performs auditing (this sucks though).

Any ideas?

+3  A: 

I think you can look at auditd: http://linux.die.net/man/8/auditd

Also check this thread please: http://www.linuxforums.org/forum/linux-security/109864-auditing-logging-all-commands-arguments.html

FractalizeR
Thanks for that. I think that'll solve the problem.
Kango_V
You are welcome ;)
FractalizeR
+1 nice solution for his problem. Really matches his needs.
bastianneu
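
An added example, not part of the original answer: once auditd is recording permission changes, the SYSCALL and PATH records of each event have to be joined by serial number to see who changed which file to what mode. The rule in the comment, the `perm_mod` key, the function name and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed audit rule (not from the thread) that tags these syscalls with key "perm_mod":
#   -a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod

# Constructed sample records in audit.log layout (all values are made up).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:412): arch=c000003e syscall=90 success=yes exit=0 a0=55d0c8e2a4f0 a1=1ff a2=0 a3=0 items=1 ppid=2210 pid=2304 auid=1001 uid=0 gid=0 comm="chmod" exe="/usr/bin/chmod" key="perm_mod"
type=PATH msg=audit(1700000000.101:412): item=0 name="/etc/app/secrets.conf" inode=131 mode=0100600 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000005.250:413): arch=c000003e syscall=268 success=no exit=-1 a0=ffffff9c a1=7ffc2b1d a2=1a4 a3=0 items=1 ppid=2210 pid=2310 auid=1002 uid=1002 gid=1002 comm="chmod" exe="/usr/bin/chmod" key="perm_mod"
type=PATH msg=audit(1700000005.250:413): item=0 name="/var/log/app.log" inode=977 mode=0100640 ouid=0 ogid=0 nametype=NORMAL
"""

MSG_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# x86_64 syscall number -> (name, register that carries the requested mode, in hex)
MODE_ARG = {"90": ("chmod", "a1"), "91": ("fchmod", "a1"), "268": ("fchmodat", "a2")}


def permission_changes(log_text, key="perm_mod"):
    """Join SYSCALL and PATH records by event serial; return one dict per mode change."""
    events = {}
    for line in log_text.splitlines():
        m = MSG_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(m.group(2), {"time": float(m.group(1)), "paths": []})
        if fields.get("type") == "SYSCALL":
            ev["syscall"] = fields
        elif fields.get("type") == "PATH":
            ev["paths"].append(fields)
    report = []
    for serial, ev in events.items():
        sc = ev.get("syscall")
        if not sc or sc.get("key") != key or sc.get("syscall") not in MODE_ARG:
            continue
        name, reg = MODE_ARG[sc["syscall"]]
        path = ev["paths"][0] if ev["paths"] else {}  # fchmod has no PATH record
        report.append({
            "serial": serial, "time": ev["time"], "syscall": name,
            "auid": sc["auid"],  # login uid: survives su/sudo, unlike uid
            "uid": sc["uid"], "exe": sc["exe"], "path": path.get("name"),
            "requested_mode": format(int(sc[reg], 16) & 0o7777, "04o"),
            "recorded_mode": format(int(path["mode"], 8) & 0o7777, "04o") if path else None,
            "success": sc["success"] == "yes",
        })
    return report
```

On a live host the same function can be fed the text of the audit log; file names containing spaces or control characters are hex-encoded by auditd and would need decoding first.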
