Linux audit files to see who made changes to a file

2007-03-21 06:30:04
This is one of the key questions asked by new admins - How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux?

The answer is to use2.6 kernel's audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It's responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. The default file is good enough to get started with auditd.

Related tags

Audit Linux File System Linux File System Source Code Linux Scp File Linux File Linux File Server Linux Config File Linux Kickstart File Linux Server File File Sharing Programs For Linux Ln File Text File Editor Read Linux Source Code Linux Daemon Linux Restart Daemon Auditd Read Daemon Linux Questions Write Programs For Linux

This particular article has been collected via RSS syndication. We apologize if it's too brief.
If You wish to publish articles on LinuxStreet.net please contact us.

Similar articles found on LinuxStreet

How to convert PDF files to HTML or XML files in openSUSE

Tips from an RHCE: Visualizing audit logs with mkbar

CLI Magic: Zip your files across the network with Woof

14 of the Best Free Linux File Managers

xmldiff patches XML files by sending just the changes

Efficient rsyncrypto hides remote sync data

When files disappear, Magic Rescue saves the day

Edit and compare giant binary files with lfhex

PeaZip: Robust But Easy OSS File Management, Compression and Archiving

Menu

Links

Sponsors

Google ads

Popular Tags

Fortune Cookie

Your Ad ?

Linux audit files to see who made changes to a file

Leave a comment on this article

Comments (0)