> On Sat, Feb 14, 2004 at 01:50:06PM -0600, hanasaki wrote:
> > what package and daemon does the audit of every file executed?

According to Jan Minar <[EMAIL PROTECTED]>:
> RSBAC has such a facility.
> Executing is done by calling execve(2). The section number `2' informs
> us this is a system call. Therefore, such an accounting must be
> kernel-based to be reliable. No daemon/package alone can do the job.

The current kernel BSD-accounting implementation allows tracking process execution too. It's enough for basic investigations and does not need a kernel re-compile. See the "acct" package.

Regards,
-- 
Jean Christophe André
Agence universitaire de la Francophonie - Bureau Asie Pacifique