From: rik@rikrose.net
Date: Thu, 1 Nov 2001 01:32:08 +0000 (GMT)
To: edwin chen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: audit question

On Wed, 31 Oct 2001, edwin chen wrote:

> hi, everybody

Hi Doctor Nick.. uh, I mean edward.

> if I want to log a message "who visited which file or
> directory, and when did it happen?", what command do I need?

If *I* wanted to do this, I'd hack the file-related syscalls (well, probably not all of them. I'm not very good at this), to append stuff to /root/file-log and probably panic the system every half an hour and get overlapping logs due to not getting atomic writes correct, and the system would slow to a crawl, but then I'm No Expert.

So yeah. Good luck with it.

Oh, and process accounting may already do some of this stuff...

-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net