Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


NixCraft: Linux audit files to see who made changes to a file

Mar 20, 2007, 18:25 (0 Talkback[s])
(Other stories by Vivek)

[ Thanks to Nobody for this link. ]

"Modern Linux kernel (2.6.x) comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option.In order to use audit facility you need to use following utilities:

"=> auditctl - a command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system."

Complete Story

Related Stories: