AIX UNIX: File auditing to track reads and writes changes

I’ve already writing about Linux file auditing to track who made changes to a file. In this article, you will learn how to track several events on AIX with auditing, a major feature of AIX security, and learn how to use auditing to keep track of the read and write operations on a file. Also examine commands, such as ls or istat, to check a file’s time stamp:

AIX UNIX provides easy ways to track the last time a file was accessed. The ls command is one example. But sometimes you want to know who, or which process, accessed the file. You might need such information for debugging or keeping track of important files. You can track information related to read and write operations on a file with the help of auditing.

In AIX, auditing systems are intended to record security-related information and to alert administrators about security breaches. You can customize the configuration and objects files, which are used by the auditing subsystem to keep track of any file you want. You can also use the real-time monitoring feature of auditing to keep track of some processes and files that are being modified randomly by unidentified processes.

AIX File Auditing Howto


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum