Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!bbn!usc!aero!sunstroke!faigin
From: faigin@sunstroke.aero.org (Daniel P. Faigin)
Newsgroups: alt.sources
Subject: Re: Need a "watching" program
Message-ID: <51152@aerospace.AERO.ORG>
Date: 11 May 89 20:35:09 GMT
References: <8923@csli.Stanford.EDU> <11680@s.ms.uky.edu>
Sender: news@aerospace.aero.org
Reply-To: faigin@aerospace.aero.org (Daniel P. Faigin)
Distribution: usa
Organization: The Aerospace Corporation, El Segundo, CA
Lines: 37

In article <8923@csli.Stanford.EDU> rustcat@csli.stanford.edu (Vallury Prabhakar) writes:

> I was wondering if there is any way of keeping track of any/every body who
> looks around in my home directory? 'twould be nice if this program could
> create and append to a logfile, each time some user chdir-ed to my $HOME.

To which, sean@ms.uky.edu (Sean Casey), in article <11680@s.ms.uky.edu>, replies:

>This isn't possible under most versions of Unix. It *might* be possible
>under a secure Unix with audit trails, but I'm not too familiar with secure
>Unixes.

If the secure Unix is being built according to the "Orange Book" (TCSEC), then
the audit trails are not accessible to an arbitrary user. The Orange Book
requires that the ability to read the audit trail be restricted to authorized
users. Now, one could conceivably ask the System Security Officer to examine
the audit trail for you, but you'd have to tell the SSO what you were looking
for (and even then, the ability to do an audit search with that granularity
might not be present in the system. At the typical level of "secure Unix"s,
C2, you only need to be able to selectively retrieve information based on the
user taking the action, not the object being accessed.)

>An easy solution is to "cd; chmod 700 .". That will insure that no one can
>go into your home directory.

A harder solution might be to find out how the file system tables are
constructed, and have a continuously running background program that
repeatedly scanned /dev/kmem to detect when your files were open. Of course,
that would slow the system down and raise a denial of service issue, but we're
talking about security here :-).

Daniel

Work :The Aerospace Corp M8/055 * POB 92957 * LA, CA 90009-2957 * 213/336-3149
Home :8333 Columbus Avenue #17 * Sepulveda CA 91343 * 818/892-8555
Email:faigin@aerospace.aero.org (or) Faigin@dockmaster.ncsc.mil
Voicemail: 213/336-5454 Box#3149 * "Take what you like, and leave the rest"
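
The "cd; chmod 700 ." suggestion quoted in the post above, as an added example that is not part of the original message: it reads a directory's mode bits to report what group and other users can do, then applies mode 700. The function names and the temporary directory standing in for $HOME are assumptions, and only classic permission bits are considered (no ACLs).

```python
import os
import shutil
import stat
import tempfile

# (who, read bit, search bit) for everyone except the owner
CLASSES = (("group", stat.S_IRGRP, stat.S_IXGRP),
           ("other", stat.S_IROTH, stat.S_IXOTH))

def exposure(path):
    """List what group/other may do with directory `path`, from its mode bits.

    Assumption: classic Unix permission bits only (no ACLs); root is exempt.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    for who, r_bit, x_bit in CLASSES:
        if mode & r_bit:
            findings.append(f"{who} can list names")
        if mode & x_bit:
            findings.append(f"{who} can chdir in and reach files")
    return findings

def lock_down(path):
    """Same effect as `cd; chmod 700 .` on `path`; returns the previous mode."""
    old = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, 0o700)
    return old

def demo():
    # Constructed stand-in for $HOME: a world-searchable directory with one file.
    home = tempfile.mkdtemp(prefix="home-demo-")
    os.chmod(home, 0o755)
    note = os.path.join(home, "notes.txt")
    with open(note, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(note, 0o644)
    print("before:", exposure(home))
    print("old mode: %o" % lock_down(home))
    print("after: ", exposure(home))
    # The file keeps mode 644, but without search permission on the parent
    # directory no other user can resolve its path.
    print("file mode still: %o" % stat.S_IMODE(os.stat(note).st_mode))
    shutil.rmtree(home)

if __name__ == "__main__":
    demo()
```

The search (x) bit on the directory is what governs chdir, so a mode such as 711 still lets other users enter and open files whose names they know, while 700 blocks both listing and traversal.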