[LUNI] trash

shaun beier shaun_beier at hotmail.com
Tue Nov 12 22:08:00 CST 2002


Ok .... here is the long story on the trash.

I work for a pharmaceutical company that takes pictures of microscope slides 
via a digital camera. These files are then stored happily on a computer. 
Everyone is happy.

Now, let's bring in the FDA and the FDA's rules on the storage of digital 
data. To make a long story short, the following must be done to be compliant: 
a program must be found that can track all files that we generate to ensure 
that no one is overwriting data and that data is not being deleted.

I have found that Tripwire for Linux does this job very nicely. I can have 
Tripwire monitor its own database and policy files so that it can be proved 
that no one is corrupting Tripwire (plus, the program can only be run as a 
root user). I can also make Tripwire monitor a million other directories, 
the most important directory being the one that the digital images are being 
saved to. So everything seems good...

However, I found a flaw with Tripwire that I have to somehow correct. The 
problem with the program is that Tripwire can not monitor files that were 
created and then deleted. The reason being that Tripwire has to run a scan 
on the computer to first know that the file ever existed to know if it was 
deleted. So, if Tripwire does not know a file was created and a user deleted 
it, then Tripwire is also not going to know if the file was deleted. Big 
problem because this does not satisfy the FDA requirement.

Next step... Well, I can set up cron to automatically run Tripwire scans 
about as often as is feasible. However, there are literally thousands of 
images in this directory and a scan of the directory takes about 7.5 min. 
So, taking into account hard drive abuse from being read and written to 
every ten min., this is not feasible. Plus, I talked to the FDA about this 
and the FDA said that if there is a lag time between the scans that are done 
to track the files, then this will also be seen as being deficient (because 
a user could decide to delete new files that Tripwire has not yet tracked in 
the 2.5 min that the computer is resting). So basically, I would have to 
continually be running Tripwire to be compliant, which is not possible.

So, that forces me to have to do something about people not being able to 
delete any data in this directory, period, which is why I am asking about 
permissions on deleting things. Basically, any user of the computer cannot 
have the ability to delete any file in this directory, but they still need 
to be able to write files to it, which is what stops me from simply removing 
the write privileges from the directory.

That is the long story of the problem that I am trying to deal with. If 
anyone can suggest another program that has real-time, non-stop file 
monitoring, then I would be happy to take a look at that. I have not 
found any software to do this, however. Also, if anyone knows how to restrict 
deleting privileges to a directory by a user, then that would be helpful 
also.

Again, thank all of you so much for your time and input. I hope this helps 
make my situation a little more clear.

Shaun
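The two points in Shaun's message, the blind spot of a scan-based checker and a directory permission that allows writing but not deleting, as an added shell example. This is not code from the original post or from Tripwire; the function names are my own, and paths such as /srv/images in the usage note are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Two things the message discusses:
#  1. why a scan-based integrity checker such as Tripwire misses a file that
#     is created and deleted between two scans;
#  2. a directory permission that lets users add files but not delete other
#     users' files: the sticky bit (mode 1777, the same setting /tmp uses).

# --- 1. Scan-based checking and its blind spot -----------------------------

# snapshot_dir DIR: one sorted line per regular file, "crc size ./path",
# i.e. a minimal Tripwire-style database of what exists right now.
snapshot_dir() {
    (cd "$1" && find . -type f -exec cksum {} \; | sort)
}

# count_changes SCAN1 SCAN2: number of files added, removed or modified
# between two snapshots (lines present in only one of the two files).
count_changes() {
    comm -3 "$1" "$2" | wc -l | tr -d ' '
}

# missed_events DIR: create and delete a file between two scans and print
# how many changes the scans report. The answer is 0: neither snapshot
# records that transient.img ever existed, which is the gap the post describes.
missed_events() {
    dir="$1"
    snapshot_dir "$dir" > "$dir.scan1"      # kept outside DIR on purpose
    : > "$dir/transient.img"                # created ...
    rm "$dir/transient.img"                 # ... and deleted before scan 2
    snapshot_dir "$dir" > "$dir.scan2"
    count_changes "$dir.scan1" "$dir.scan2"
}

# --- 2. Allow writing, forbid deleting other people's files ---------------

# make_dropbox_dir DIR: world-writable directory with the sticky bit. With
# the sticky bit set, only a file's owner, the directory's owner and root
# may unlink or rename an entry, so user A cannot delete user B's images.
make_dropbox_dir() {
    mkdir -p "$1"
    chmod 1777 "$1"     # shown by ls as rwxrwxrwt
}

# has_sticky_bit DIR: exit 0 if the sticky bit is set. Reads the ls -ld mode
# string, which is portable; stat(1) output formats differ between systems.
has_sticky_bit() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d????????[tT]) return 0 ;;
        *)             return 1 ;;
    esac
}

# owner_can_delete_own_file DIR: exit 0 if the caller can still remove a file
# it created itself. This is the limit of the sticky bit: it protects files
# from other users, not from their own creator and not from root.
owner_can_delete_own_file() {
    f="$1/probe.$$"
    : > "$f"
    rm "$f" 2>/dev/null
}
```

Usage: `make_dropbox_dir /srv/images` (hypothetical path) and then `has_sticky_bit /srv/images && echo ok`. Two caveats a reviewer would want noted: the sticky bit stops a user from removing someone else's file, but the account that saved an image can still delete it, and root is never restricted; and it says nothing about overwriting, since that is governed by the write bit on each file, so the process that stores an image should drop write permission on it (`chmod a-w`) as soon as it is written. The first part of the script shows why no scan interval, however short, closes the create-then-delete gap; on a current kernel, event-driven monitoring (inotify or the audit subsystem) records such events as they happen instead of by comparison with an earlier scan.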
