- Monitoring a binary
- Posted by Bern on February 7th, 2005
Hello group,
Is it possible to monitor a binary for who used it and when?
I am thinking about a daemon able to monitor some binaries and log the information.
Anyone with an idea about a tool with such capabilities?
Thanks in advance,
Bernard
- Posted by jeannimov@imel.org on February 7th, 2005
Search for "Logging File Accesses" in this group; you'll see it was
possible in 1996.
And it's still possible today!
See
http://publib16.boulder.ibm.com/doc_...g_overview.htm.
You can also buy another product if you really want to.
Something like eTrust Access Control (formerly SeOS), for example.
Regards,
JN.
- Posted by bfay@deepcosmos.ca on February 8th, 2005
Thanks,
I found my answer in the auditing subsystem. That will do the job.
Regards,
Bern
- Posted by odiboy on February 10th, 2005
Try strace -v -p pid.
This would show you all the internal system calls.
Good luck.
- Posted by Neal Clark on March 1st, 2005
If you're looking to do this on a regular basis and have reports of
changes to your filesystems, I'd recommend Tripwire. It's free and
reliable, as far as I can tell... useful for post-break-in forensics too.
-neal