SUMMARY: File Auditing on Solaris
Gary Franczyk (email@example.com)
Mon, 08 Dec 1997 08:31:15 -0500
I asked this:
>Is there a way to audit file systems so that every time a file gets
>touched, changed, deleted or moved, a log record is kept? I know this
>is possible in NT, but can you do it in Solaris 2.5.1?
>We are having a problem where someone or something is removing CAD
>files. I'd like to know when they are being removed and by whom.
Some people suggested Tripwire. It is public shareware.
Some suggested the audit_control(4) and bsmconv(1M) in Solaris.
I don't think Tripwire will get down to the file-by-file level I am
looking for, so I am going to try the audit_control software built into
Solaris. It looks extremely cryptic though.
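
An added example, not part of the original post: a minimal /etc/security/audit_control for the BSM route mentioned above, limited to the file audit classes that record changes and removals. The audit directory and the minfree value are assumptions, and the event-to-class mapping should be checked against /etc/security/audit_event on the host.

```conf
# /etc/security/audit_control -- read by auditd once BSM has been
# enabled with /etc/security/bsmconv (followed by a reboot).

# Where the binary audit trail is written (assumed default location).
dir:/var/audit

# Audit classes applied to every user, from /etc/security/audit_class:
#   fw = file write
#   fm = file attribute modify (chmod, chown, ...)
#   fc = file create
#   fd = file delete (unlink and friends)
# A leading "+" keeps only successful events and "-" only failed ones;
# no prefix, as here, records both. The read classes (fr, fa) are left
# out on purpose: they inflate the trail without helping to answer
# "who removed this file".
flags:fw,fm,fc,fd

# Warn (through audit_warn) when the audit file system has less than
# this percentage of free space. Assumed value.
minfree:20

# Classes for events that cannot be attributed to a user; login/logout
# is kept so that sessions can be tied to the file events above.
naflags:lo

# Reading the trail for deletions, as root:
#   auditreduce -c fd | praudit
# Each printed record carries a path token (the file) and a subject
# token (audit user ID, effective and real IDs, process ID).
```

Per-user overrides of these system-wide flags go in /etc/security/audit_user, which helps when only a few accounts have write access to the CAD directories.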