ubuntu:auditing:audit_a_file
This is an old revision of the document!
Auditing - Audit a file
WARNING: Please be careful before creating rules.
It will increase your log file size significantly if too much information to record.
Audit file access
sudo auditctl -w /etc/passwd -p rwxa
- -w path ; this parameter will insert a watch for the file system object at path. On the example above, auditd will watch the /etc/passwd file.
- -p ; this parameter describes the permission access type that a file system watch will trigger on.
- rwxa ; are the attributes which bind to -p parameter above. r is read, w is write, x is execute and a is attribute.
ubuntu/auditing/audit_a_file.1574798917.txt.gz · Last modified: 2020/07/15 09:30 (external edit)