Listing 1. Controlling unlink
for unlink "/tmp/delme" {
log "User " uid " tried to delete file " data;
log "Process information :";
log_proc;
answer = SKIP;
}
Output Messages
[robo@unicorn /tmp]$ touch delme
[robo@unicorn /tmp]$ ls -l delme
-rw-rw-r-- 1 robo robo 0 Dec 27 22:39 delme
[robo@unicorn /tmp]$ rm delme
Medusa: Security d
Medusa: Security d
Medusa: Security d
ecap=00000000) delme (/tmp/delme)
[robo@unicorn /tmp]$ ls -l delme
-rw-rw-r-- 1 robo robo 0 Dec 27 22:39 delme
[robo@unicorn /tmp]$ su -
[root@unicorn /root]# rm -f /tmp/delme
Medusa: Security daemon: User 0 tried to delete file delme
Medusa: Security daemon: Process information :
Medusa: Security daemon: process 1520 (uid=0 luid=500 vs=ffff
ecap=fffffeff) delme (/tmp/delme)
[root@unicorn /tmp]# echo $?
0
[root@unicorn /root]# ls -l /tmp/delme
-rw-rw-r- 1 robo robo 0 Dec 27 22:39 /tmp/delme
Copyright © 1994 - 2018 Linux Journal. All rights reserved.