On Monday, May 09, 2016 04:13:19 PM varun gulati wrote: > Hi Team, > We have requirement where we have to monitor and log any read operations > performed on a file. e.g. /a/b/c/xyz.log
-a always,exit -F path=/a/b/c/xyz.log -F perm=r -F key=log-access > This file is usually copied and downloaded by many users using various > operations, like, wget, ssh, jsp Download link provided. These commands are > fired from different hosts. With the auditd we want to create a rule which > auditctl can leverage to log the User ID that is reading (and copying) it > from a different host may be. You will get the local auid/uid that the kernel sees when the request triggers the rule. There is nothing more that can be done from the audit system. -Steve > I have gone through many of the rules but didn't find anything fruitful as > such (which logs wget, scp commands from remote hosts). May be I am missing > on something. Since it is a very crucial requirement, appreciate your > guidance and directions with this. Let me know in case you require any > further information from my end. Many thanks in advance. > > > > Thanks and Regards,Varun Gulati -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
