
Listing 1. Controlling unlink

/*
 * Handler for unlink requests on "/tmp/delme": record who asked and from
 * which process, then set the answer to SKIP.
 * In the output that follows, the handler also fires for uid 0, and
 * "rm -f" exits with status 0 while the file is still listed afterwards.
 * This suggests SKIP suppresses the operation without returning an error
 * to the caller, so the log lines are the only record of the attempt.
 */
for unlink "/tmp/delme" {
        /* uid is the calling user's id; data appears as the file name ("delme") in the logged message. */
        log "User " uid " tried to delete file " data;
        log "Process information :";
        /* Produces the "process <pid> (uid=... luid=... ecap=...)" entry seen in the output. */
        log_proc;
        /* The file is left in place; callers that trust rm's exit status will assume it was removed. */
        answer = SKIP;
}

Output Messages

[robo@unicorn /tmp]$ touch delme
[robo@unicorn /tmp]$ ls -l delme
-rw-rw-r--   1 robo     robo      0 Dec 27 22:39 delme
[robo@unicorn /tmp]$ rm delme
Medusa: Security d
Medusa: Security d
Medusa: Security d
ecap=00000000)  delme (/tmp/delme)
[robo@unicorn /tmp]$ ls -l delme
-rw-rw-r--   1 robo     robo      0 Dec 27 22:39 delme
[robo@unicorn /tmp]$ su -
[root@unicorn /root]# rm -f /tmp/delme
Medusa: Security daemon: User 0 tried to delete file delme
Medusa: Security daemon: Process information :
Medusa: Security daemon: process 1520 (uid=0 luid=500 vs=ffff
ecap=fffffeff)  delme (/tmp/delme)
[root@unicorn /tmp]# echo $?
0
[root@unicorn /root]# ls -l /tmp/delme
-rw-rw-r--   1 robo     robo       0 Dec 27 22:39 /tmp/delme