Re: How to tell what process accessed a file
On Sun, 15 Feb 2004 05:31, Wade Richards <wade@wabyn.net> wrote:
> Every once in a while I get a bunch of errors because some process tried
> to access my CDROM, triggering automount when there's no disk in the
> drive.
SE Linux can audit all interesting actions, exec, read, write, create,
signals, etc.
Also there are kernel auditing systems such as SNARE, but none of them are
packaged for Debian.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: