If you are running a mission-critical web server, or maintaining a storage server loaded with sensitive data, you probably want to closely monitor file access activity on the server. For example, you may want to track any unauthorized change to system configuration files such as /etc/passwd.
To monitor who changed or accessed files or directories on Linux, you can use the Linux Audit System, which provides system call auditing and monitoring. In the Linux Audit System, a daemon called auditd is responsible for monitoring individual system calls and logging them for inspection.
In this tutorial, I will describe how to monitor file access on Linux by using auditd.
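To show what those logged system calls look like and how "who touched the file" is recovered from them, here is an added example (not from the original tutorial) that groups audit records into events and reports the accesses recorded under one rule key. The log lines are constructed and abridged, and the watch rule and its key name `passwd_changes` are assumptions.

```python
import re
from collections import defaultdict

# Constructed, abridged sample of /var/log/audit/audit.log, as a watch rule such as
#   auditctl -w /etc/passwd -p wa -k passwd_changes   (key name is an assumption)
# would produce. auid is the login UID, which stays the same across su/sudo.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.123:421): arch=c000003e syscall=257 success=yes exit=3 items=2 ppid=2101 pid=2150 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="passwd_changes"
type=CWD msg=audit(1700000000.123:421): cwd="/root"
type=PATH msg=audit(1700000000.123:421): item=0 name="/etc/" inode=131073 nametype=PARENT
type=PATH msg=audit(1700000000.123:421): item=1 name="/etc/passwd" inode=131150 nametype=NORMAL
type=SYSCALL msg=audit(1700000042.500:430): arch=c000003e syscall=257 success=no exit=-13 items=1 ppid=3300 pid=3301 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=5 comm="sh" exe="/usr/bin/dash" key="passwd_changes"
type=PATH msg=audit(1700000042.500:430): item=0 name="/etc/passwd" inode=131150 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.000:431): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="cron" exe="/usr/sbin/cron" key="other_rule"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by event serial: one event = SYSCALL + CWD + PATH records."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[int(serial)]
        ev["time"] = float(ts)
        if rtype == "SYSCALL":
            ev.update(fields)  # who (auid/uid), with what (exe), and the result
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields["name"])  # the file itself, not its directory
    return dict(events)

def accesses(text, key):
    """Return (serial, auid, uid, exe, success, paths) for events logged under a rule key."""
    out = []
    for serial, ev in sorted(parse_events(text).items()):
        if ev.get("key") == key:
            out.append((serial, ev["auid"], ev["uid"], ev["exe"], ev["success"], ev["paths"]))
    return out

if __name__ == "__main__":
    for row in accesses(SAMPLE_LOG, "passwd_changes"):
        print(row)
```

In the first constructed event, auid=1000 with uid=0 means the account that logged in as UID 1000 made the change while running as root; the second is a denied attempt (success=no, exit=-13).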
To install auditd on Debian, Ubuntu or Linux Mint: