Software :: File Create/modify/delete Monitoring With User Account?
Jan 27, 2011
We are looking to monitor and log selected application file systems for file create/modify/delete changes that will also include, user account that changed/deleted the file, file name and date and time of event. Everything I have looked at does not seem to provide all of the information that we need.Inotify seems to monitor modify/create/delete but does not seem to provide the user account. Auditd seems to monitor modify/create/append with user account, but not deletes.We need to provide this information to auditing for Sarbane Oxley compliance.
I am in the process of setting up a user account for an SFTP server that will possibly be used by multiple users. I am aware of the security risk involved, but it is a necessary evil.
I am trying to come up with an effective means of monitoring the user account. So far I have a script that runs the finger command, and emails me once an hour. Is there something else that I can do to keep a close eye on the account?
On my Debian server I installed Samba for sharing directories in my local network. I know how to set access rights but I have a problem. I would like to allow an user (example "nobody") to create files or directories in a shared directory but to deny to modify or delete something.How can I do that?Second question, on a file, I know that we can set rights for "u", "g" and "o". But like the NTFS permissions, can we apply rights for each users?
i've been wondering how do i know if some users create/modify/delete file/directory in linux, i've been using pyinotify in python script.this script like the example from the manual:
Code: #!/usr/bin/python import pyinotify, os, time
look at this : Uploaded with ImageShack.us how can set permissions in linux like this? I want one user can delete files but can't modify them and ... in linux i have 3 group to assign read write and execute them. is ntfs flexible than linux file system?
Ever since I upgraded from karmic to lucid my user account has been really buggy. The other profiles on the computer are acting normal but I believe mine is acting strangely because of the way I had my desktop set up before I upgraded (conky and a terminal on my desktop, compiz). Is there a way to reset my account to the default settings? I figured if I could delete my account and recreate it everything would be okay but I can not delete the account.
i m not able to create new user account to my new install of 11.2 don't know whether it occured due to update problem or some installation failure. when creation a new profile through yast it gives a warning sub-domain not started and quits however a new user get added through cli but with no profile of its own. that user cant log into gui enviroment and when he/she logs through cli it automatically tranfers it profile to "/"(i.e root) i m using kde4.3
Can we create a limited user account in ubuntu like XP where user can not be able to change its networking settings (like changing IPs / enable & disable netwrok interface).
Our requirement is to create multiple user account with UID:-
/tmp/users.txt rohit guna samsir
like this 100 user names in /tmp/users.txt file
/tmp/uid.txt 2001 3789 1000134 like this 100 UID's in /tmp/UID.txt file
The script should take input from both the files and create user account. for example user account rohit should have an UID of 2001 and user samsir should have an UID of 1000134.
I never considered I would want to remote access my laptop, or that I would be able to figure out how (I know....). In any case, my (only) username and password are not all that complicated - just there for deterence more than anything else (I have a barely functioning battery and a FDE hard drive, so if you're going to unplug and transport this baby, it'll shut off; my hard drive PW is solid).
In any case, I wanted to create another account that I could use to log into with SSH to be able to access files. I've started by disabling SSH login to my current user account (DenyUsers myusername). I know I could add a new user to my system with its own home directory and all, but I want it as least 'present' or invasive as possible. So in sum, is there a way to create an SSH only user, and if so, how?
I thought I would check here to get some pointers, to be sure I don't mess up my system!
Recently I have renovated an old computer which once belonged to my dad (the old HDD crashed, and I just bought a new one to replace it). My parents want me to fix this computer for my 5-year-old sister to use. I decided to use Linux Mint as the OS because everything (flash, mp3, etc.) is already configured.
How do I create a user account in Linux Mint with limited access for my sister, so that it won't mess up the entire system?
All she does is surf the web, so I'm just worried that she might accidentally mess up a system setting that I eventually will have to fix it.
I need to create a user account for a software developer. I am logged in as an administrator and was planning on using the 'useradd' command to add the developer. Where should I place his folder in the directory hierarchy?He will need to access the gcc compiler to do his development.
I need to create such an account that the user wouldn't be able to r/w any file which doesn't belong to it, even if access mode is set to o+rw. I guess normal chmod/chown won't help here... How can i do this?
I am using NIS and I want to replace this with 389 ds. I have installed 389 ds and configured it. I could create user account from 389-console. But it does not create user home directory. Do I have to create user account and user home directory in linux first?
creating template (phpldapadmin 1.2.0.5). I create new template where im creating User Account (possixAccount) but i need to create Generic: Ldap Alias that will be created in other ou than account and i need both in one template.
we know that /etc/passwd - is a replica of /etc/passwd file and acts as a backup in any damage done to /etc/passwd file..i have observed a strange thing in RHEL 5.4....for example... if /etc/passwd has 100 accounts.. then /etc/passwd - is having only 99 accounts....when i add 101 useraccount with "useradd" then /etc/passwd has 101 accounts and /etc/passwd is having the 100th account of /etc/passwd - ..when i delete /etc/passwd and recover it with /etc/passwd - from runlevel 1 the lastly created user is not having his account after recovery.. what is the solution? this is same case even with /etc/shadow and /etc/shadow -
I want to jail Skype into its own process and not the one I login with. That way, if a hacker breaks in, it's limited to this process and only the limited functionality that that user account has. The thing is this -- thousands of Linux guys run Skype, but Skype is hardly ever updated or have security patches, and we run it all the time. It seems like an easy avenue for an exploit. As well, my iptables firew all blocks input connections that I have not established, but Skype is an established connection. How do I create a Bash script that launches Skype under a separate user account?
I have like 4 email addresses on one Ubuntu One account and I'd like to remove them all except my current email... I also have an old account I'd like to delete. I used the contact form but to no avail.
I want to add 50 new users, not on the server yet I want to add them all to group Accounting - with 1 option, not user by user I want to setup a default password for them all, and have it say something like 'You must now change password or no access will be permitted' Any other options I also want to do once, not for each user?
I can't log my account because i modify system wide profile, i installed java bundle with netbean. After it's completed, then i add the java path to system wide profile. either /usr/profile or /etc/profile. i don't remember. before i modify it, i change the permission using chmod 700. When it's done, i change it to 400 which is read and view only.
I can't login my account now. how do i fix it? how do log in root account to fix it? and i didn't activate my root account. it logs me in then log me out right away .
I have two NTFS volumes I want to automount at boot. I can't get my user account to mount them in Fedora 10. I keep getting the message that the two lines I have edited in fstab are bad. The volumes are sda2 and sda8, and the volume names are SPACELAB and Spaceman. I also need to be able to mount an NTFS usb drive from time to time. I am getting frustrated, so I have posted my fstab file below,
# # /etc/fstab # Created by anaconda on Sun Mar 1 12:44:11 2009 #
can i actually edit /etc/sysconfig/iptables and create/delete rules inside that file?will it work? i just find using the IPTABLES -A or -D command a hassle