Linux file auditing howto
This is one of the key questions asked by new admins: how do I audit file events such as reads and writes? How can I use audit to see who changed a file in Linux?
The answer is to use the Linux 2.6 kernel's audit system. Modern Linux kernels (2.6.x) come with the auditd daemon, which is responsible for writing audit records to disk. During startup, this daemon reads the rules in /etc/audit.rules. You can open the /etc/audit.rules file and make changes such as setting the audit log file location and other options. The default file is good enough to get started with auditd.
(Submitted by nixcraft Wed Mar 21, 2007 )
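To answer "who changed a file" from the records auditd writes, the following added example (not part of the original post) correlates SYSCALL and PATH records that share an event ID and reports the login UID, effective user and program for each access. The log lines and the watch keys passwd-watch and shadow-watch are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the auditd log format (not taken from the page).
# Assumes file watches with the hypothetical keys "passwd-watch" / "shadow-watch".
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1174478400.101:310): arch=40000003 syscall=5 success=yes exit=3 ppid=2101 pid=2150 auid=500 uid=0 gid=0 euid=0 comm="vi" exe="/bin/vi" key="passwd-watch"
type=CWD msg=audit(1174478400.101:310): cwd="/root"
type=PATH msg=audit(1174478400.101:310): item=0 name="/etc/passwd" inode=40135 dev=08:01 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1174478460.220:311): arch=40000003 syscall=5 success=no exit=-13 ppid=2300 pid=2310 auid=501 uid=501 gid=501 euid=501 comm="cat" exe="/bin/cat" key="shadow-watch"
type=PATH msg=audit(1174478460.220:311): item=0 name="/etc/shadow" inode=40140 dev=08:01 mode=0100400 ouid=0 ogid=0
type=SYSCALL msg=audit(1174478520.007:312): arch=40000003 syscall=15 success=yes exit=0 ppid=2101 pid=2400 auid=502 uid=0 gid=0 euid=0 comm="chmod" exe="/bin/chmod" key="passwd-watch"
type=PATH msg=audit(1174478520.007:312): item=0 name="/etc/passwd" inode=40135 dev=08:01 mode=0100644 ouid=0 ogid=0
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by (timestamp, serial); all records of one event share it."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip truncated or non-audit lines
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[(float(ts), int(serial))][rtype].append(fields)
    return events

def who_touched(text, path):
    """Return (time, auid, uid, exe, succeeded) for every event naming `path`."""
    hits = []
    for (ts, _serial), recs in sorted(parse_events(text).items()):
        # The PATH record carries the file name; the SYSCALL record carries the actor.
        if not any(p.get("name") == path for p in recs["PATH"]):
            continue
        for sc in recs["SYSCALL"]:
            # auid is the login UID and stays fixed across su/sudo, unlike uid.
            hits.append((ts, sc.get("auid"), sc.get("uid"),
                         sc.get("exe"), sc.get("success") == "yes"))
    return hits

if __name__ == "__main__":
    for hit in who_touched(SAMPLE_LOG, "/etc/passwd"):
        print(hit)
```

Failed attempts are kept in the result (the last tuple element is False), since a denied access to a watched file is often the event worth reviewing.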