This really isn't possible to answer without more information. If it's possible to do it, then it's possible to do it in Perl. But whether it's possible depends on what permissions you have, relative to the permissions of the users you want to monitor. Do you have root access? Are you able to replace the system cp command with a wrapper that would log uses? Can you prevent them from using other commands to circumvent this, like:
$ cat file1 >file2
Have you looked at a program like Tripwire? It keeps a database of files that are on the system, and you can run it as often as you like to see what files have been created/changed/deleted. That won't tell you how they were created, whether by cp or whatever, but maybe that's not the point. If it showed a suspicious file, you might be able to look through that user's history to see how it was created.
Aaron B.
Available for small or large Perl jobs; see my home node.
|