[Lustre-discuss] Log file opens/reads/etc?
Klaus Steden
klaus.steden at thomson.net
Tue Aug 19 10:48:25 PDT 2008
Hello Andreas,
My apologies for not explaining myself. :-)
The trusted computing standards I'm talking about (there are a few, some
good, some not so much) are effectively based on US Department of Defense C2
(aka Orange Book) security standards:
http://en.wikipedia.org/wiki/TCSEC
The best audit trail implementations I've seen are based on Sun's BSM,
adopted and implemented by both FreeBSD and Apple in their auditing code.
http://docs.sun.com/app/docs/doc/806-1789
http://www.apple.com/support/security/commoncriteria/
http://www.freebsd.org/doc/en/books/handbook/audit.html
BSM-based auditing systems define classes of system calls, users, and groups
of users that are of interest -- file create, file read, login, socket
opens, people in the 'wheel' group, etc. -- and record a realtime log of
events as they occur within the kernel. This information is stored in a
packed binary format, and can be exploded into ASCII for parsing and
analysis using built-in tools, allowing you to establish a complete audit
trail of the operations of interest.
How Lustre would implement this I'm not sure, since it's object-based and
BSM auditing records file names ... but the idea is important, especially in
digital media where auditability keeps lawyers from the MPAA and the big
studios at bay.
cheers,
Klaus
On 8/18/08 9:13 PM, "Andreas Dilger" <adilger at sun.com>did etch on stone
tablets:
> On Aug 18, 2008 17:18 -0700, Klaus Steden wrote:
>> Hrm. Who should I contact to find out more, then?
>
> Nathan is working on the Changelog code, but I think the main issue
> is that neither of us know what "compliant with Trusted Computing standards"
> really means.
>
>> On 8/18/08 4:44 PM, "Andreas Dilger" <adilger at sun.com>did etch on stone
>> tablets:
>>
>>> On Aug 18, 2008 12:53 -0700, Klaus Steden wrote:
>>>> Will this be compliant with Trusted Computing standards? i.e. will it be
>>>> possible to use this information for auditing purposes?
>>>
>>> I don't know enough about that to make a useful answer, sorry.
>>>
>>>> On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at sun.com>did etch on stone
>>>> tablets:
>>>>
>>>>> On Aug 09, 2008 05:06 -0700, daledude wrote:
>>>>>> Is there is a tool that shows what files are being accessed? Sort of
>>>>>> like inotify, but not inotify? I'd like to compile file access
>>>>>> statistics to try and balance the most accessed files across the OST's
>>>>>> better.
>>>>>
>>>>> There is a feature being worked on for Lustre 2.0 called "Changelogs"
>>>>> that will allow recording all files that are modified.
>>>>>
>>>>> Cheers, Andreas
>>>>> --
>>>>> Andreas Dilger
>>>>> Sr. Staff Engineer, Lustre Group
>>>>> Sun Microsystems of Canada, Inc.
>>>>>
>>>>> _______________________________________________
>>>>> Lustre-discuss mailing list
>>>>> Lustre-discuss at lists.lustre.org
>>>>> http://lists.lustre.org/mailman/listinfo/lustre-discuss
>>>
>>> Cheers, Andreas
>>> --
>>> Andreas Dilger
>>> Sr. Staff Engineer, Lustre Group
>>> Sun Microsystems of Canada, Inc.
>>>
>
> Cheers, Andreas
> --
> Andreas Dilger
> Sr. Staff Engineer, Lustre Group
> Sun Microsystems of Canada, Inc.
>
More information about the lustre-discuss
mailing list