Re: Directory structure auditing - a case
linux-audit-bounces(a)redhat.com wrote on 11/17/2005 02:22:15 PM:
Amy and I talked about this briefly a week or so ago. Her current
patch will not support this functionality as-is but we think it is
possible to develop a follow-up patch that supports watching individual
directories. Its probably not possible to audit an entire directory
structure with a single watch but if one is willing to specify each
directory to be audited, then we might be able to provide that
capability.
Would it be possible to have a watch that instructs a parent to watch its
children? Perhaps that is what you are saying here... If so, that would
be a very reasonable action.
What is the limiting aspect that would not allow you to watch deeper than
just 1 set of children? Obviously, this could be set up with some kind of
script or automation on the user's behalf if its not possible, but I can
see
Mont's request being a very common one.
Mike
-- ljk
Steve Grubb wrote:
> On Thursday 17 November 2005 12:05, Mont Rothstein wrote:
>
>>The number of files could be in the millions, far too many to add a
rule
>>for each file.
>
>
> Amy, since the new file system audit code is using the inotify
interface, will
> this be possible?
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Attachments:
- attachment.html (text/html — 2.1 KB)