tips:audit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
tips:audit [2015/07/09 12:38] – created scipiotips:audit [2019/01/21 11:17] (current) scipio
Line 6: Line 6:
 </code> </code>
  
-Add watcher to /etc/audit/audit.rules to detect delete or write/append of /shares/pubblica/esca.doc+Add watcher to **/etc/audit/audit.rules** to detect delete or write/append of /shares/pubblica/esca.doc
 <code> <code>
 -w /shares/pubblica/esca.doc -p wa -k esca -w /shares/pubblica/esca.doc -p wa -k esca
Line 15: Line 15:
 Search events Search events
 <code> <code>
-ausearch -k esca+ausearch -k esca | aureport -f -i
 </code> </code>
  • tips/audit.1436438285.txt.gz
  • Last modified: 2015/07/09 12:38
  • by scipio