Re: How to tell what process accessed a file

To: Wade Richards <wade@wabyn.net>, debian-security@lists.debian.org
Subject: Re: How to tell what process accessed a file
From: Russell Coker <russell@coker.com.au>
Date: Sun, 15 Feb 2004 16:57:10 +1100
Message-id: <[🔎] 200402151657.10343.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20040214183151.GA32187@wabyn.net>
References: <[🔎] 20040214183151.GA32187@wabyn.net>

On Sun, 15 Feb 2004 05:31, Wade Richards <wade@wabyn.net> wrote:
> Every once in a while I get a bunch of errors because some process tried
> to access my CDROM, triggering automount when there's no disk in the
> drive.

SE Linux can audit all interesting actions, exec, read, write, create, 
signals, etc.

Also there are kernel auditing systems such as SNARE, but none of them are 
packaged for Debian.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: How to tell what process accessed a file
  - From: hanasaki <hanasaki@hanaden.com>

References:
- How to tell what process accessed a file
  - From: Wade Richards <wade@wabyn.net>

Prev by Date: Re: How to tell what process accessed a file
Next by Date: SSL client with peer verification?
Previous by thread: Re: How to tell what process accessed a file
Next by thread: Re: How to tell what process accessed a file
Index(es):
- Date
- Thread