Wanna audit your Files in Linux Systems !! – Part 1

It's so simple …

What audit means – checking who accessed or changed a file, for example by reading or writing it !!

A daemon named auditd works with the audit system in the Linux kernel and is responsible for auditing the predefined files according to the rules defined in /etc/audit.rules, but it can be customized for desired files.

It's installed by default; if not, install it:

# yum install audit

Start the daemon if it is not already running:

# service auditd start

Make the daemon start when the system boots:

# chkconfig auditd on

Customize for desired files to be audited
auditctl : the command used for controlling the kernel's audit system, to get its status and to add or delete rules in the kernel audit system. Set a watch on the desired file to be audited as:

# auditctl -w /usr/sbin/crond -p rwxa -k cron-daemon

Where:
-w : option used to watch the file /usr/sbin/crond
-p : sets the permissions to watch on the file; here w – write, r – read, x – execute, a – append
-k : sets a filter key (a string up to 31 chars long) used to uniquely identify the audit records produced by the watch
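
Every record the watch produces carries the key given with -k, so the key is what you filter on later to see who touched the file. The following Python example is an addition, not part of the original post: it groups audit records by event serial and reports the events tagged cron-daemon. The sample log lines are constructed for illustration (in the key=value layout auditd writes to its log, by default /var/log/audit/audit.log), and the name events_for_key is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit log's key=value layout (not real log data).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1300000000.101:410): arch=c000003e syscall=2 success=yes exit=3 ppid=2100 pid=2154 auid=500 uid=0 comm="vi" exe="/usr/bin/vim" key="cron-daemon"
type=CWD msg=audit(1300000000.101:410): cwd="/root"
type=PATH msg=audit(1300000000.101:410): item=0 name="/usr/sbin/crond" inode=131842 mode=0100755 ouid=0 ogid=0
type=SYSCALL msg=audit(1300000050.007:411): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=2301 auid=4294967295 uid=0 comm="crond" exe="/usr/sbin/crond" key="cron-daemon"
type=PATH msg=audit(1300000050.007:411): item=0 name="/usr/sbin/crond" inode=131842 mode=0100755 ouid=0 ogid=0
type=SYSCALL msg=audit(1300000099.500:412): arch=c000003e syscall=2 success=no exit=-13 ppid=2400 pid=2410 auid=501 uid=501 comm="cat" exe="/bin/cat" key="shadow-watch"
type=PATH msg=audit(1300000099.500:412): item=0 name="/etc/shadow" inode=9001 mode=0100000 ouid=0 ogid=0
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = '4294967295'  # (uint32)-1: no login session, e.g. a daemon started at boot

def events_for_key(log_text, key):
    """Group records by event serial and return the events tagged with `key`."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip lines that are not audit records
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[int(serial)]
        ev['time'] = int(epoch)
        if rtype == 'SYSCALL':  # who did it, with which program, and the rule key
            ev.update({f: fields.get(f) for f in ('auid', 'uid', 'exe', 'success', 'key')})
        elif rtype == 'PATH':   # which file the syscall touched
            ev.setdefault('paths', []).append(fields.get('name'))
    hits = []
    for serial in sorted(events):
        ev = events[serial]
        if ev.get('key') == key:
            ev['serial'] = serial
            ev['login_user'] = None if ev['auid'] == UNSET_AUID else ev['auid']
            hits.append(ev)
    return hits

if __name__ == '__main__':
    for ev in events_for_key(SAMPLE_LOG, 'cron-daemon'):
        print(ev['serial'], ev['login_user'], ev['uid'], ev['exe'], ev['paths'], ev['success'])
```

The auid field is the login ID of the user who started the session, so it still identifies the person after they switch to root; uid alone would only show 0.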


About Divyashree - The GNULINUX Guy

I am a Linux and Opensource enthusiast. I started working on Linux early in 2007 while I was doing my Masters in Computer Science and passed out in 2010. Currently working as a DevOps Developer in the Public/Private cloud domain. My @github : https://github.com/kumarprd My @nagiosexchange : https://exchange.nagios.org/directory/Owner/divyaimca/1 My @linkedin : https://www.linkedin.com/in/priyadarshee-kumar-☁-a9415615

3 Responses to Wanna audit your Files in Linux Systems !! – Part 1

  1. I almost never leave a response, but after reading a few of the comments on Wanna audit your Files in Linux Systems !! – Part 1 | FOSS -THE FUTURE IS HERE. I actually do have a couple of questions for you if it's all right. Could it be just me or does it appear like a few of the comments look as if they are written by brain dead individuals? 😛 And, if you are posting on additional places, I'd like to keep up with everything new you have to post. Could you post a list of every one of all your social community sites like your twitter feed, Facebook page or linkedin profile?

  2. Thanks for your personal marvelous posting! I genuinely enjoyed reading it, you happen to be a great author. I will make certain to bookmark your blog and may come back at some point. I want to encourage you to ultimately continue your great writing, have a nice morning!

  3. No, you must have further decoration; Stella's smooth silhouette does not need any. Using tea bags is also another alternative for taking away staining. I nevertheless recall these tough times. As has been claimed earlier, Coach purses can be found really quite everywhere these days.
