ausearch command

This is one of the key questions many new sys admin ask: How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux? The answer is to use 2.6 kernel’s audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It’s […]

{ 54 comments }