
Audit

apt-get install auditd

Add a watch rule to /etc/audit/audit.rules to detect deletion of, or writes/appends to, /shares/pubblica/esca.doc:

-w /shares/pubblica/esca.doc -p wa -k esca

Restart the auditd service so the rule is loaded

Search events

ausearch -k esca
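
To turn the matches into one line per event (who touched the file, with which program, and whether it was deleted), the raw records can be grouped by event id. This is an added example, not part of the original tip; the sample records are constructed, and it assumes unencoded field values as produced by `ausearch -k esca --raw`.

```python
import re
from collections import defaultdict

# Constructed sample of raw audit records (the format of /var/log/audit/audit.log
# and of `ausearch -k esca --raw`); every value below is made up.
SAMPLE = '''\
type=SYSCALL msg=audit(1436438000.123:4711): arch=c000003e syscall=2 success=yes exit=3 pid=1234 auid=1001 uid=1001 comm="smbd" exe="/usr/sbin/smbd" key="esca"
type=CWD msg=audit(1436438000.123:4711): cwd="/shares/pubblica"
type=PATH msg=audit(1436438000.123:4711): item=0 name="/shares/pubblica/esca.doc" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1436438007.500:4712): arch=c000003e syscall=87 success=yes exit=0 pid=1234 auid=1001 uid=1001 comm="smbd" exe="/usr/sbin/smbd" key="esca"
type=PATH msg=audit(1436438007.500:4712): item=0 name="/shares/pubblica/" inode=130 nametype=PARENT
type=PATH msg=audit(1436438007.500:4712): item=1 name="/shares/pubblica/esca.doc" inode=131 nametype=DELETE
type=SYSCALL msg=audit(1436438009.000:4713): arch=c000003e syscall=2 success=yes exit=3 pid=999 auid=0 uid=0 comm="vi" exe="/usr/bin/vi" key="other"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def hits(raw, key="esca"):
    """Group records by event id (timestamp:serial); return events tagged with `key`."""
    events = defaultdict(lambda: {"paths": []})
    for line in raw.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or malformed lines
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(ts, serial)]
        if rtype == "SYSCALL":
            # auid is the login uid, which survives su/sudo
            ev.update(time=float(ts), auid=fields.get("auid"), exe=fields.get("exe"),
                      syscall=fields.get("syscall"), key=fields.get("key"))
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            # keep the touched object itself, not its parent directory
            ev["paths"].append((fields.get("name"), fields.get("nametype")))
    return [dict(serial=int(s), **e) for (_, s), e in events.items()
            if e.get("key") == key]

if __name__ == "__main__":
    for e in hits(SAMPLE):
        print(e["serial"], e["auid"], e["exe"], e["paths"])
```
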
  • Last modified: 2015/07/09 12:38
  • by scipio