Stephen Harris wrote:
At my place we don't use SELinux because we have a gazillion tonnes of legacy software that just is not compatible with the default policies. No one wants to go to the effort of working out everything that needs changing.
We also use cfengine for central management. Which sometimes causes a problem when CFe modifies a file that I don't want modified on my machine.
So I want to be able to track when specific files were changed. My obvious thought was "create an SELinux audit policy that can track file changes, raise a log message", and we can monitor the logs.
At this point I'm at a loss.
<snip> Doesn't cfengine allow for logging changes on a per-system basis?
mark