Date: Thu, 21 Apr 2011 17:53:04 +0400
From: Artem Kuchin <matrix@itlegion.ru>
To: questions@freebsd.org
Subject: Security monitoring all file changes
Message-ID: <4DB036C0.3020203@itlegion.ru>
Hello!

We are running hosting servers and I think we need to monitor and log all changes in filesystems (ftp log is written already, but we give shell access and also files can be changed by scripts), so, when a client asks when the file/directory was changed or deleted and by whom, we can answer that question.

In what direction should I look? Is Audit the thing for it?

The problem with the whole idea is that I don't want to hog the raid with a huge log of what happened to the files every nanosecond. For example, file is opened, written 1000 times with write() and then closed. I don't want to get 1000 lines in the log. Something like:

opened for write
write repeated 1000 times (just one line with repetition counter)
closed

would be nice, but if not possible, then just open and closed logged, w/o write. Better than nothing. Or maybe it can be a very optimized binary log.

I have no idea what I am writing about :)

Thanks in advance!

Best regards,
Artem

--
Best regards,
Artem Kuchin
"IT Legion" company
www.itlegion.ru
www.hostilla.ru
+7 (495) 232-0338
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DB036C0.3020203>
