I've been doing a lot of research on this, and I keep coming up with things that don't work, have been abandoned, or are almost impossible to find or get working. So I'll ask here. Maybe one of the ultra-enlightened linux gods will have a ready answer.

I want to be able to audit system calls - I want to log when files are opened, created, changed, deleted, etc. Preferably I would like to do it without having to apply kernel patches, using vanilla (or close to vanilla) kernel. If this isn't possible, my next preference is to use a module. If this isn't possible, well, I'll do what I have to.

I notice there is a CONFIG_AUDIT option. Is this what I am looking for, and how do I use it? /dev/audit seems not to work...

Thanks. If you can even point me a suitable FM to R, I'd be content.

--Russell

--
Russell Miller - [EMAIL PROTECTED] - Agoura, CA