auditing:audit_a_file
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| auditing:audit_a_file [2016/07/16 09:55] – peter | auditing:audit_a_file [2019/11/26 20:07] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Auditing - Audit a file ====== | ||
| - | |||
| - | Please be careful before creating rules. It will increase your log file size significantly if too much information to record. | ||
| - | |||
| - | ===== Audit file access ===== | ||
| - | |||
| - | <code bash> | ||
| - | sudo auditctl -w /etc/passwd -p rwxa | ||
| - | </ | ||
| - | |||
| - | * -w path ; this parameter will insert a watch for the file system object at path. On the example above, auditd will watch the /etc/passwd file. | ||
| - | * -p ; this parameter describes the permission access type that a file system watch will trigger on. | ||
| - | * rwxa ; are the attributes which bind to -p parameter above. r is read, w is write, x is execute and a is attribute. | ||
| - | |||
| - | |||
auditing/audit_a_file.1468662913.txt.gz · Last modified: 2020/07/15 09:30 (external edit)