5

Auditing Individual Files

view full story
linux-howto

http://www.unix.com – I have some Solaris 9 systems and I'm interested in using the "fm" audit class to track changes to sensitive files but it's too verbose for it to be auditing to that level for EVERY file, so I was wondering if there were a way of restricting the audit of those events to particular files. I thought about using Host-based IDS but I think that would lose information we need about the who of the change. (HowTos)