Linux Today: Linux News On Internet Time.


NixCraft: Linux audit files to see who made changes to a file

Mar 20, 2007, 18:25 (0 Talkback[s])
(Other stories by Vivek)



[ Thanks to Nobody for this link. ]

"Modern Linux kernel (2.6.x) comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other options. In order to use audit facility you need to use following utilities:

"=> auditctl - a command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system."
