Tracking file access in Solaris

Posted on 2011-09-15
Medium Priority
Last Modified: 2012-06-27

I started at a new gig who is running Solaris and they need to know of a way to track when files have been accessed, changed or deleted and by whom.  Is there any package that can do that?


Question by:Ben Conner
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 21

Expert Comment

ID: 36547165
AIDE should be able to do what you want.

Here is a link to get it going on Solaris 10

Author Comment

by:Ben Conner
ID: 36547191
Hi Papertrip,

This will answer the question of who modified and/or deleted a file?   From the writeup I can see where it can detect a file that's been altered, but no mention of which account did it.  Am I missing something?

LVL 21

Expert Comment

ID: 36547214
I'm not sure if there is anything out there that will do exactly that.  AIDE is meant to be a tool to use in conjunction with the usual stuff, it's basically open source Tripwire.
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 48

Accepted Solution

Tintin earned 2000 total points
ID: 36547350
You can use Solaris Basic Security Mode (BSM), which is a native Solaris package for auditing all types of things.

man bsm

for more info

LVL 79

Expert Comment

ID: 36547352
Subversion/cvs might be what you are looking for.  Access to the file can only be obtained through them and they will maintain versioning as well as records of access.

depending on the file and what their purpose is.

is this a document management type of mechanism you are looking for?
LVL 21

Expert Comment

ID: 36547354
Interesting I never heard of that.  Will it report which user modified a specific file?
LVL 21

Expert Comment

ID: 36547355
Woops my last comment was @Tintin

Author Closing Comment

by:Ben Conner
ID: 36548971
Wow.  BSM looks like RACF on an IBM mainframe in terms of functionality.  This will definitely do what they wanted it to.

Thanks much!


Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question