From owner-freebsd-questions@FreeBSD.ORG  Fri Apr 22 23:16:18 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9DF081065670
	for <questions@freebsd.org>; Fri, 22 Apr 2011 23:16:18 +0000 (UTC)
	(envelope-from nomadlogic@gmail.com)
Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com
	[209.85.218.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F4D38FC14
	for <questions@freebsd.org>; Fri, 22 Apr 2011 23:16:17 +0000 (UTC)
Received: by yie12 with SMTP id 12so324280yie.13
	for <questions@freebsd.org>; Fri, 22 Apr 2011 16:16:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=ga2QvDhCRuTD3P5jf6Qt3mYIb23KWCxDy3QCMN7Gjso=;
	b=jNwdAogNzGKYx/r10lCoq18tecQk4WyPVS52mY8S3WQCg3FzFVWqlLGAcYZ17kQQQI
	nOy5nEUVufz6/7THbhH2HgtSspyb++3hZH5/APiaogO7+q6kFCmnhONBZIean5Lgh27M
	4R1JnAP8mvuxLfqrpKF2B5wMom2HVayGlnAss=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=G9Y/ZzTybiKacA4Lxkmh/1JJ8Dw3pB1zlIlOZM/Bw4PRS/nQTyRUwFDHtsec3fKfVR
	Jl6LkwkbVMzfTzO6tOtY5IEQkah0oNl4wCQblMPDtLFBSpKSe1gIAaRT0Y9Ar7vbPWyS
	CEkppq+1VOfAi62cqmP1+4UXpx5m8lWsyXkws=
MIME-Version: 1.0
Received: by 10.147.106.13 with SMTP id i13mr1115445yam.12.1303512389641; Fri,
	22 Apr 2011 15:46:29 -0700 (PDT)
Received: by 10.147.35.8 with HTTP; Fri, 22 Apr 2011 15:46:29 -0700 (PDT)
In-Reply-To: <4DB036C0.3020203@itlegion.ru>
References: <4DB036C0.3020203@itlegion.ru>
Date: Fri, 22 Apr 2011 15:46:29 -0700
Message-ID: <BANLkTikbLS6cZj+giy5jNwDEUnm=VWz9pg@mail.gmail.com>
From: pete wright <nomadlogic@gmail.com>
To: Artem Kuchin <matrix@itlegion.ru>
Content-Type: text/plain; charset=ISO-8859-1
Cc: questions@freebsd.org
Subject: Re: Security monitoring all file changes
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2011 23:16:18 -0000

2011/4/21 Artem Kuchin <matrix@itlegion.ru>:
> Hello!
>
> We are running hosting servers and i think we need to monitor and log all
> changes in filesystems (ftp log is written already, but
> we give shell access and also files can be changed by scripts), so, when a
> client asks when the file/directory
> was changed or deleted and by whom we can answer that question.
>
> In what directtion should i look? Is Audit the thing for it?

mtree is probably what you are looking for:

http://www.freebsd.org/cgi/man.cgi?query=mtree&apropos=0&sektion=0&manpath=FreeBSD+8.2-RELEASE&format=html

-pete

-- 
pete wright
www.nycbug.org