tips:audit

Book Creator
Add this page to your book

Book Creator
Remove this page from your book

Manage book(0 page(s))

This is an old revision of the document!

Audit

apt-get install auditd

Add watcher to /etc/audit/audit.rules to detect delete or write/append of /shares/pubblica/esca.doc

-w /shares/pubblica/esca.doc -p wa -k esca

Restart service auditd

Search events

ausearch -k esca

tips/audit.1436438285.txt.gz · Last modified: 2015/07/09 12:38 by scipio