Re: How to tell what process accessed a file

To: debian-security@lists.debian.org
Subject: Re: How to tell what process accessed a file
From: Marcin <lfe@ghnet.pl>
Date: Sat, 14 Feb 2004 21:14:52 +0100
Message-id: <[🔎] 1162680362.20040214211452@lists.debian.org>
Reply-to: debian-user-polish <debian-user-polish@lists.debian.org>
In-reply-to: <[🔎] 402E7BEE.8000607@hanaden.com>
References: <[🔎] 20040214183151.GA32187@wabyn.net> <[🔎] 20040214193200.GA32193@zionlth.org> <[🔎] 402E7BEE.8000607@hanaden.com>

Hello,

> what package and deamon does the audit of every file executed?

if you patch the kernel with GRsecurity - you can turn on logging of
executing, sended singals, failed forking, changing date/time,
even changing the directory :)

www.grsecurity.org

all goes to syslog

or you can start gradmin - but this is a little different story

--
Cheers,
Marcin.

Reply to:

References:
- How to tell what process accessed a file
  - From: Wade Richards <wade@wabyn.net>
- Re: How to tell what process accessed a file
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: How to tell what process accessed a file
  - From: hanasaki <hanasaki@hanaden.com>

Prev by Date: Re: How to tell what process accessed a file
Next by Date: Re: How to tell what process accessed a file
Previous by thread: Re: How to tell what process accessed a file
Next by thread: Re: How to tell what process accessed a file
Index(es):
- Date
- Thread