hacksgasil.blogg.se

File monitor linux

Monitoring File access, Changes and Data Modifications

Linux has several solutions to monitor what happens with your data, from changing contents to who accessed particular information, and at what time.

For our auditing toolkit Lynis, we researched and tested several solutions over the last few years. In this article we have a look at these solutions to monitor file access, changes and modifications to the data and beyond.

What is Data?

Data is a collection of bits, ordered in such a way that it gives meaning to humans. The related information stored in data blocks can be as simple as text, or become a visible representation like an image. Data is usually the most important part of a system, which means it has to be properly safeguarded.

Data versus Meta-data

Besides the information stored for us, the system needs to store a little bit of information as well. For example, a data block on disk might need some supporting information to know where it is stored. This data is usually not useful for us, but it certainly is for the system to retrieve the information, especially when we ask for it. This "data about data" is called meta-data. So besides protecting data, we have to keep the protection of meta-data in mind as well.

The first level of monitoring is who is accessing specific files. This helps us understand what particular files are being accessed, by what process and by whom. To accomplish this task, we can use the Linux audit framework. The framework is written by Red Hat and uses "watches" on files and directories to determine what should be monitored. Additionally it can monitor processes, including the underlying system calls which are performed by them.

To protect our kernel configuration, we can determine who accesses the nf file. This file stores kernel settings, so it is interesting to start with this file. To have this file monitored, we need to add a watch on the file.

auditctl -w /etc/nf -p a -k kernel

The parameter -w sets the watch, followed by the file name. The -p defines the related permission action (a = attribute change, r = read, w = write, x = execute). It looks similar to file permissions, but actually it is slightly different. With the -k we define a custom key, which simplifies searching at a later moment.

Now that we have defined our watch, we can search for it with the earlier defined key. Running this command gives us the following output:

[Image: File access monitoring with Linux audit framework]

When looking at this output, you might be overwhelmed by all the fields available. Additionally, some fields actually have rather strange values, like an architecture of c000003e (which actually equals x86_64).
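The audit records produced by the watch in this article can be reduced to the fields that matter (who, which process, which file) with a small parser. This is an added example, not code from the original article or from Lynis. The log lines are constructed samples in the audit.log record layout, and the function names are hypothetical. It also shows why c000003e means x86_64: the value is an ELF machine number combined with word-size and byte-order flags.

```python
import re
from collections import defaultdict

# Constructed sample records (not captured from a real system); key "kernel" as set with -k.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.123:421): arch=c000003e syscall=90 success=yes exit=0 ppid=1200 pid=1234 auid=1000 uid=0 comm="chmod" exe="/usr/bin/chmod" key="kernel"
type=PATH msg=audit(1700000000.123:421): item=0 name="/etc/nf" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.500:430): arch=40000003 syscall=15 success=no exit=-1 ppid=1300 pid=1400 auid=1001 uid=1001 comm="chmod" exe="/usr/bin/chmod" key="kernel"
type=PATH msg=audit(1700000050.500:430): item=0 name="/etc/nf" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000060.000:431): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=1500 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="other"
'''
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
MACHINES = {3: "i386", 40: "arm", 62: "x86_64", 183: "aarch64"}  # ELF e_machine numbers

def decode_arch(hex_value):
    """Split an audit arch value into (ELF machine name, word size, byte order)."""
    value = int(hex_value, 16)
    machine = value & 0xFFFF
    name = MACHINES.get(machine, "unknown(%d)" % machine)
    bits = 64 if value & 0x80000000 else 32        # 64-bit flag
    endian = "LE" if value & 0x40000000 else "BE"  # little-endian flag
    return name, bits, endian

def events_for_key(log_text, key):
    """Group records by event serial; return events whose SYSCALL record carries the key."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record
        rtype, _timestamp, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        if rtype == "SYSCALL":
            events[serial].update(fields, arch_name=decode_arch(fields["arch"])[0])
        elif rtype == "PATH":
            events[serial]["paths"].append(fields.get("name"))
    return [e for e in events.values() if e.get("key") == key]

def summarize(event):
    """One line per event: login uid, effective user, executable, arch, result, files."""
    return "auid=%s uid=%s exe=%s arch=%s success=%s paths=%s" % (
        event["auid"], event["uid"], event["exe"], event["arch_name"],
        event["success"], ",".join(event["paths"]))

if __name__ == "__main__":
    for ev in events_for_key(SAMPLE_LOG, "kernel"):
        print(summarize(ev))
```

The auid field is the login user, which stays the same after su or sudo, so it is the field to read for "by whom".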