Need a "watching" program

Daniel P. Faigin faigin at sunstroke.aero.org
Fri May 12 06:35:09 AEST 1989


In article <8923 at csli.Stanford.EDU> rustcat at csli.stanford.edu (Vallury
Prabhakar) writes: 
> I was wondering if there is any way of keeping track of any/every body who
> looks around in my home directory?  'twould be nice if this program could
> create and append to a logfile, each time some user chdir-ed to my $HOME.

To which, sean at ms.uky.edu (Sean Casey), in article <11680 at s.ms.uky.edu>,
replies:
>This isn't possible under most versions of Unix. It *might* be possible
>under a secure Unix with audit trails, but I'm not too familiar with secure
>Unixes.

If the secure Unix is being built according to the "Orange Book" (TCSEC), then
the audit trails are not accessible to an arbitrary user. The Orange Book
requires that the ability to read the audit trail be restricted to authorized
users. Now, one could conceivably ask the System Security Officer to examine
the audit trail for you, but you'd have to tell the SSO what you were looking
for (and even then, the ability to do an audit search with that granularity
might not be present in the system. At the typical level of "secure Unix"s,
C2, you only need to be able to selectively retrieve information based on the
user taking the action, not the object being accessed.)

>An easy solution is to "cd; chmod 700 .". That will insure that no one can
>go into your home directory.

A harder solution might be to find out how the file system tables are
constructed, and have a continuously running background program that
repeatedly scanned /dev/kmem to detect when your files were open. Of course,
that would slow the system down and raise a denial of service issue, but we're
talking about security here :-).

Daniel
Work :The Aerospace Corp M8/055 * POB 92957 * LA, CA 90009-2957 * 213/336-3149
Home :8333 Columbus Avenue #17  * Sepulveda CA 91343            * 818/892-8555
Email:faigin at aerospace.aero.org (or) Faigin at dockmaster.ncsc.mil               
Voicemail: 213/336-5454 Box#3149 * "Take what you like, and leave the rest"   
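
Added example (not part of the original post): a small POSIX shell check of what the "chmod 700" suggestion quoted above changes, reporting whether group and other users can enter (search bit) or list (read bit) a directory. The function names dir_exposure and classify are made up for this example, and only the classic mode bits are read, not ACLs.

```shell
#!/bin/sh
# Report what group/other may do with a directory, from its mode bits only.
#   r on a directory = list the names in it
#   x on a directory = search it: chdir into it, or reach files by known name
# ACLs and the permissions of parent directories are NOT considered here.

# classify RWX -> none | list-only | enter-only | enter+list
classify() {
    r=$(printf '%s' "$1" | cut -c1)
    x=$(printf '%s' "$1" | cut -c3)
    # In the x position, s/t mean setgid/sticky WITH search permission;
    # S/T mean the special bit is set WITHOUT search permission.
    case $x in x|s|t) x=1 ;; *) x=0 ;; esac
    case $r in r) r=1 ;; *) r=0 ;; esac
    case "$r$x" in
        11) echo enter+list ;;
        01) echo enter-only ;;
        10) echo list-only ;;
        *)  echo none ;;
    esac
}

# dir_exposure DIR -> prints "group:<level> other:<level>"
dir_exposure() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }
    # ls -ldL prints e.g. "drwxr-x--x ..."; keep the 10-character mode field
    # (-L follows a symlink so the target directory's mode is reported).
    mode=$(ls -ldL -- "$dir" | cut -c1-10)
    g=$(printf '%s' "$mode" | cut -c5-7)
    o=$(printf '%s' "$mode" | cut -c8-10)
    printf 'group:%s other:%s\n' "$(classify "$g")" "$(classify "$o")"
}

# Stand-alone use: sh thisfile.sh "$HOME"
if [ $# -gt 0 ]; then
    dir_exposure "$1"
fi
```

A home directory left at mode 711 reports "enter-only": other users cannot list it, but they can still chdir into it and open any file whose name they know, subject to that file's own mode.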
