shaun_beier at hotmail.com
Tue Nov 12 22:08:00 CST 2002
Ok .... here is the long story on the trash.
I work for a pharmaceutical company that takes pictures of microscope slides
via a digital camera. These files are then stored happily on a computer.
Everyone is happy.
Now, let's bring in the FDA and the FDA's rules on the storage of digital
data. To make a long story short, the following must be done to be compliant:
a program must be found that can track all files that we generate to ensure
that no one is overwriting data and that data is not being deleted.
I have found that Tripwire for Linux does this job very nicely. I can have
Tripwire monitor its own database and policy files so that it can be proved
that no one is corrupting Tripwire (plus, the program can only be run as a
root user). I can also make Tripwire monitor a million other directories,
the most important directory being the one that the digital images are being
saved to. So everything seems good...
However, I found a flaw with Tripwire that I have to somehow correct. The
problem with the program is that Tripwire cannot monitor files that were
created and then deleted. The reason being that Tripwire has to run a scan
on the computer to first know that the file ever existed to know if it was
deleted. So, if Tripwire does not know a file was created and a user deleted
it, then Tripwire is also not going to know that the file was deleted. Big
problem, because this does not satisfy the FDA requirement.
Next step... Well, I can set up cron to automatically run Tripwire scans
about as often as is feasible. However, there are literally thousands of
images in this directory and a scan of the directory takes about 7.5 min.
So, taking into account hard drive abuse from being read and written to
every ten min., this is not feasible. Plus, I talked to the FDA about this
and the FDA said that if there is a lag time between the scans that are done
to track the files, then this will also be seen as being deficient (because
a user could decide to delete new files that Tripwire has not yet tracked in
the 2.5 min that the computer is resting). So basically, I would have to
continually be running Tripwire to be compliant, which is not possible.
So, that forces me to have to do something about people not being able to
delete any data in this directory, period, which is why I am asking about
permissions on deleting things. Basically, any user of the computer cannot
have the ability to delete any file in this directory, but they still need
to be able to write files to it, which is what stops me from simply removing
the write privileges from the directory.
That is the long story of the problem that I am trying to deal with. If
anyone can suggest another program that has real-time, non-stop file
monitoring, then I would be happy to take a look at that. I have not
found any software to do this, however. Also, if anyone knows how to restrict
deleting privileges to a directory by a user, then that would be helpful.
Again, thank all of you so much for your time and input. I hope this helps
make my situation a little more clear.
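The gap described above (a file created and deleted between two scans leaves nothing for the second scan to compare) comes from the snapshot-and-diff model itself, not from Tripwire in particular. The script below is an added example, not Tripwire's code and not something from the post; it is a toy integrity checker that hashes a directory, diffs two snapshots, and runs three constructed scenarios in a temporary directory (the slide file names and contents are made up for the demonstration). Overwriting or deleting a baselined file is reported; creating and deleting a file between scans is not.

```python
"""Toy Tripwire-style snapshot comparison (added example, not Tripwire's code).

Two scans are taken and diffed. Anything that happens entirely between the
scans, such as a file being created and then deleted, leaves nothing for the
second scan to compare against. The directory contents are constructed.
"""
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: sha256 hex digest} for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(full, root)] = digest
    return db


def compare(baseline, current):
    """Diff two snapshots the way an integrity checker reports them."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def write(root, name, data):
    """Create or overwrite one file under root (helper for the scenarios)."""
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


def demo():
    """Run three scenarios against a constructed image directory and return the findings."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Baseline: two "images" already on disk when the first scan runs.
        write(root, "slide001.tif", b"image data 1")
        write(root, "slide002.tif", b"image data 2")
        baseline = snapshot(root)

        # Scenario 1: overwriting a baselined file is caught as "changed".
        write(root, "slide001.tif", b"tampered")
        results["overwrite"] = compare(baseline, snapshot(root))

        # Scenario 2: deleting a baselined file is caught as "removed".
        write(root, "slide001.tif", b"image data 1")  # restore scenario 1
        os.remove(os.path.join(root, "slide002.tif"))
        results["delete_known"] = compare(baseline, snapshot(root))

        # Scenario 3: a file created and deleted between scans is invisible;
        # the diff against the baseline is empty.
        write(root, "slide002.tif", b"image data 2")  # restore scenario 2
        write(root, "slide003.tif", b"image data 3")
        os.remove(os.path.join(root, "slide003.tif"))
        results["create_then_delete"] = compare(baseline, snapshot(root))
    return results


if __name__ == "__main__":
    for scenario, findings in demo().items():
        print(scenario, findings)
```

Shortening the scan interval only narrows the window in scenario 3; it never closes it. On the permissions side, a Linux unlink is a write to the directory, so plain mode bits cannot grant create while denying delete; the sticky bit (chmod +t) limits deletion to a file's owner and root, and on ext2/ext3 the append-only attribute (chattr +a) on the directory lets files be created but not removed or renamed.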