I’ve already writing about Linux file auditing to track who made changes to a file. In this article, you will learn how to track several events on AIX with auditing, a major feature of AIX security, and learn how to use auditing to keep track of the read and write operations on a file. Also examine commands, such as ls or istat, to check a file’s time stamp:
AIX UNIX provides easy ways to track the last time a file was accessed. The ls command is one example. But sometimes you want to know who, or which process, accessed the file. You might need such information for debugging or keeping track of important files. You can track information related to read and write operations on a file with the help of auditing.
In AIX, auditing systems are intended to record security-related information and to alert administrators about security breaches. You can customize the configuration and objects files, which are used by the auditing subsystem to keep track of any file you want. You can also use the real-time monitoring feature of auditing to keep track of some processes and files that are being modified randomly by unidentified processes.