In my work environmnt, we work with some sensitive data, and we must have audit trail whenever some types of files are touched (or we would fail external
audits,
which translates to lost jobs, simple as that). Problem with using Linux so far was lack of good auditing tools.
This is all in work. The 0.7.4 audit package has some information about setting file watches (auditctl -w -p ). However, you need to have a kernel that's patched for it. We are still peer reviewing this capability. I think we have just a few more locking issues to solve and then it will be sent to lkml. I have put the tools into FC4 so that when the file system auditing patch does go upstream & you do a kernel update, everything starts working.
-Steve Grubb
__________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail