title: “Audit Files And Directories”
date: 2016-03-24T15:06:19
slug: audit-files-and-directories
Audit files
auditctl -w /etc/passwd -p rwxa
With:
- -w path: this parameter inserts a watch for the file system object at path. In the example above, auditd will watch the /etc/passwd file.
- -p: this parameter describes the permission access type that a file system watch will trigger on.
- rwxa: the attributes bound to the -p parameter above. r is read, w is write, x is execute and a is attribute change.
- If ‘-p xxx’ is not specified, all kinds of access are logged.
Audit directories
To audit directories, we use a similar command. Let’s take a look at the command below:
auditctl -w /production/
The above command will watch any access to the /production folder.
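The sketch below is an added example, not part of the original post: it builds watch rules in the same -w path -p perms form, rejects permission letters other than r, w, x and a, and writes out rwxa explicitly when no -p value is given, so the directory watch above becomes visibly equivalent to -p rwxa. The function names and the optional -k key (auditctl's filter-key option, used to tag matching events) are assumptions of this example, and accepting only absolute paths is this helper's own policy.

```shell
#!/bin/sh
# Added example: build and validate auditd watch rules before loading them.
# Function names and the -k key argument are assumptions, not from the post.

# normalize_perms [PERMS]
# Prints PERMS deduplicated in r,w,x,a order. Empty input yields "rwxa",
# the "all kinds of access" default that applies when -p is omitted.
normalize_perms() {
    np_in=${1:-rwxa}
    case $np_in in
        *[!rwxa]*)
            echo "invalid permission string: $np_in" >&2
            return 1 ;;
    esac
    np_out=
    for np_p in r w x a; do
        case $np_in in
            *"$np_p"*) np_out=$np_out$np_p ;;
        esac
    done
    printf '%s\n' "$np_out"
}

# watch_rule PATH [PERMS] [KEY]
# Prints one rule line; prefix it with "auditctl" to load it.
watch_rule() {
    wr_path=$1
    case $wr_path in
        /*) ;;
        *)
            echo "watch path must be absolute: $wr_path" >&2
            return 1 ;;
    esac
    wr_perms=$(normalize_perms "${2:-}") || return 1
    wr_rule="-w $wr_path -p $wr_perms"
    if [ -n "${3:-}" ]; then
        wr_rule="$wr_rule -k $3"
    fi
    printf '%s\n' "$wr_rule"
}

# The two watches from this page, with the directory default made explicit.
watch_rule /etc/passwd rwxa
watch_rule /production/
```

Each printed line can be passed to auditctl as its arguments; auditctl -l then lists the rules that are actually loaded.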
