logfence is a FUSE based file system that acts as an overlay, which allows only one process to modify each file at a time.
It is designed to be a simple and effective, generic tool that prevents log tampering transparently.
- Prevents a process from opening a file for writing, if another process writes to it
- Prevents a process from deleting a file, if another process writes to it
- Prevents a process from touching a file, if another process writes to it
- Logs all violations to the system log
Application A (Python) writes a log file (/var/log/fdfd). The evil application B (another instance of Python) tries to ruin the log, but fails because logfence prevents it from opening it for writing.
compat/sys/queue.h was taken from OpenBSD, for wider compatibility with C libraries; see the legal information at the top.
logfence itself is free and unencumbered software released under the terms of the MIT license; see COPYING for the license text. For a list of its authors and contributors, see AUTHORS.