[ubuntu-us-ut] file system integrity application
Aaron Toponce
aaron.toponce at gmail.com
Tue Sep 16 21:55:13 BST 2008
Colby W. wrote:
> On Tue, Sep 16, 2008 at 14:37, Daniel <teletautala at gmail.com> wrote:
>> I know of tripwire, systemchecker, aide as far as system integrity
>> goes. What I want is something that will log who did what to what
>> file when to any file anywhere in the system. Which of these is best
>> or is there another one I have missed?
>
> OSSEC will tell you whenever a file is changed (and a great deal
> more) but it does not tell you *who* changed the file unless that
> feature has been recently added. I've been out of the dev loop on that
> project for a while now.
I may need to look closer, but I believe this information can be
obtained via syslog. Setting *.debug in /etc/syslog.conf could be of
benefit. Of course, this will be highly verbose logging, so logging to
a remote centralized logging server would be preferred.
Another idea that comes to mind, is using subversion or git to track the
files on the server. Any version control system will show who modified
what, but of course, it's doing a lot more than you probably want. :)
Just an idea though, as horrible as it might be.
--
_
Aaron Toponce ( ) ASCII Ribbon Campaign
www.aarontoponce.org X www.asciiribbon.org
/ \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 544 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-us-ut/attachments/20080916/d9148592/attachment.pgp
More information about the ubuntu-us-ut
mailing list