audit system

This is one of the key questions many new sys admin ask: How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux? The answer is to use 2.6 kernel’s audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It’s […]

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }