> > we are looking for information about auditing in linux especially the
> > following topics:
> > audit daemon
> > audit file structure
>
> there is no audit daemon in linux (or in unix systems in general) in the
> full sense of the word - however, there is 'syslogd' - the system logger
> daemon. this daemon accepts messages from other processes, using the
> syslog() C library function (man syslogd, man syslog...), and writes them
> into log files, or prints them on the system's console, or dumps them -
> all this, based on the syslog.conf file, found in the /etc directory (man
> syslog.conf). the log files are traditionally kept in the /var/log
> directory (or /var/adm on some unix systems), but this may be changed by
> modifying the syslog.conf file.
>
> read the mentioned manual, and you'll get the full info (including the
> structure of the log files' records).
Syslog is hardly an auditing facility. As a matter of fact, many systems
have auditing capabilities. (Any system claiming to be `C2 compliant' has
to have them, for example.)
To answer the original question, the stock Linux kernel has no auditing
capabilities. FWIW, there's an independent package to add auditing to
Linux at:
ftp://ftp.hert.org/pub/linux/auditd/auditd.tar.gz
It includes kernel mods to some 2.0.x kernel (don't remember the exact
value of `x') and an audit daemon. It's not very robust, though.
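The quoted reply points the reader at syslog(3) and syslog.conf for the record format and routing rules. The following C program is an added illustration, not code from either poster: it shows how syslog() encodes the "<PRI>" prefix (facility OR severity, using the LOG_* constants from <syslog.h>), how a syslog.conf selector such as "authpriv.warning" or "*.err" decides whether a record is routed (a selector matches its named level and every more severe one), and the real openlog/syslog/closelog call sequence. The selector parser, the `ANY_FACILITY` wildcard value and the sample messages are constructed for this example; it omits the timestamp and hostname that appear in the on-disk log record.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Keyword tables for syslog.conf selectors (facility.level).
   The LOG_* facility constants from <syslog.h> are already shifted left by 3. */
struct name_code { const char *name; int code; };

static const struct name_code facilities[] = {
    {"kern", LOG_KERN}, {"user", LOG_USER}, {"mail", LOG_MAIL}, {"daemon", LOG_DAEMON},
    {"auth", LOG_AUTH}, {"syslog", LOG_SYSLOG}, {"lpr", LOG_LPR}, {"news", LOG_NEWS},
    {"uucp", LOG_UUCP}, {"cron", LOG_CRON}, {"authpriv", LOG_AUTHPRIV}, {"ftp", LOG_FTP},
    {"local0", LOG_LOCAL0}, {"local1", LOG_LOCAL1}, {"local2", LOG_LOCAL2}, {"local3", LOG_LOCAL3},
    {"local4", LOG_LOCAL4}, {"local5", LOG_LOCAL5}, {"local6", LOG_LOCAL6}, {"local7", LOG_LOCAL7},
};

static const struct name_code levels[] = {
    {"emerg", LOG_EMERG}, {"alert", LOG_ALERT}, {"crit", LOG_CRIT}, {"err", LOG_ERR},
    {"warning", LOG_WARNING}, {"notice", LOG_NOTICE}, {"info", LOG_INFO}, {"debug", LOG_DEBUG},
};

#define ANY_FACILITY (-1)   /* constructed marker for the "*" facility wildcard */
#define NOT_FOUND    (-2)

static int lookup(const struct name_code *tab, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0) return tab[i].code;
    return NOT_FOUND;
}

/* Parse a selector such as "authpriv.warning" or "*.err".
   Returns 0 and fills *facility / *level on success, -1 on malformed or unknown input. */
int parse_selector(const char *sel, int *facility, int *level) {
    char fac_name[32];
    const char *dot = strchr(sel, '.');
    if (!dot || dot == sel || (size_t)(dot - sel) >= sizeof fac_name) return -1;
    memcpy(fac_name, sel, dot - sel);
    fac_name[dot - sel] = '\0';
    if (strcmp(fac_name, "*") == 0)
        *facility = ANY_FACILITY;
    else if ((*facility = lookup(facilities, sizeof facilities / sizeof *facilities, fac_name)) == NOT_FOUND)
        return -1;
    if ((*level = lookup(levels, sizeof levels / sizeof *levels, dot + 1)) == NOT_FOUND)
        return -1;
    return 0;
}

/* The numeric PRI that syslog(3) sends as "<PRI>": facility OR severity. */
int pri_value(int facility, int severity) { return facility | severity; }

/* syslog.conf semantics: a selector matches its named level and all more severe levels
   (more severe = numerically smaller). Returns 1 match, 0 no match, -1 invalid selector. */
int selector_matches(const char *sel, int msg_facility, int msg_severity) {
    int fac, lvl;
    if (parse_selector(sel, &fac, &lvl) != 0) return -1;
    if (fac != ANY_FACILITY && fac != msg_facility) return 0;
    return msg_severity <= lvl;
}

/* Render the "<PRI>ident[pid]: message" part that syslog(3) builds for the logger.
   The timestamp and hostname of a full log record are deliberately left out here. */
const char *render_line(int facility, int severity, const char *ident, int pid, const char *msg) {
    static char buf[512];
    snprintf(buf, sizeof buf, "<%d>%s[%d]: %s", pri_value(facility, severity), ident, pid, msg);
    return buf;
}

/* The real C library calls the quoted reply refers to: open, emit one record, close. */
void log_auth_failure(const char *user) {
    openlog("auditdemo", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_WARNING, "authentication failure for user %s", user);
    closelog();
}

int main(void) {
    /* Constructed sample: which selectors would route an authpriv.warning record? */
    const char *selectors[] = {"authpriv.warning", "authpriv.err", "*.notice", "mail.debug"};
    for (size_t i = 0; i < sizeof selectors / sizeof *selectors; i++)
        printf("%-18s -> %d\n", selectors[i], selector_matches(selectors[i], LOG_AUTHPRIV, LOG_WARNING));
    puts(render_line(LOG_AUTHPRIV, LOG_WARNING, "sshd", 123, "failed password (constructed sample)"));
    log_auth_failure("nobody");
    return 0;
}
```

Running it shows that "authpriv.warning" and "*.notice" both route the sample record while "authpriv.err" does not, which is the detail that matters when deciding which selector lines in /etc/syslog.conf actually capture authentication events.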