Track file changes using auditd

Most Linux distributions come with the Linux Auditing System, which makes it possible to track file changes, file accesses and system calls. It's a pretty useful feature for sysadmins who wish to know who accessed and/or changed sensitive files like /etc/passwd, /etc/sudoers or others, and when. The auditd daemon, which usually runs in the background and starts after reboot by default, logs those events into the /var/log/audit.log file (or into another file if […]
