how could I intercept linux sys calls?

Question

Besides the LD_PRELOAD trick , and Linux Kernel Modules that replace a certain syscall with one provided by you , is there any possibility to intercept a syscall ( open for

Answer 1

Sounds like you need auditd.

Auditd allows global tracking of all syscalls or accesses to files, with logging. You can set keys for specific events that you are interested in.