Stephen Harris wrote:
> At my place we don't use SELinux because we have a gazillion tonnes of
> legacy software that just are not compatible with the default policies.
> No one wants to go to the effort of working out everything that needs
> changing.
>
> We also use cfengine for central management. Which somestimes causes
> a problem when CFe modifies a file that I don't want modified on my
> machine.
>
> So I want to be able to track when specific files were changed. My
> obvious thought was "create an SELinux audit policy that can track
> file changes, raise a log message", and we can monitor the logs.
>
> At this point I'm at a loss.
<snip>
Doesn't cfengine allow for logging changes on a per-system basis?
mark