about audit deamon

  • vijayan
  • Beginner
  • Beginner
  • vijayan
  • Posts: 52
  • Loc: india

Post 3+ Months Ago

dear friends,

I want to configure auditd in my server for example
if some user has delete file i want to find which users as deleted that file.how should i configure it please help me it a project for me i want to implement on monday.




***********
Vijayan Linux
***********
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I never used it but I took a quick look at the man pages. In your case, it appears that you would start with the audit_user command.
The auditd man page recommends that you use the audit command to start the daemon but I would make sure that the daemon started by using the ps command.
Run man audit_user for the syntax. Start the audit and then check /var/audit to see if it's entering the information that you want. The related commands are:
audit_user
audit_event
audit_control
auditd
Read the man pages for all of them.
  • vijayan
  • Beginner
  • Beginner
  • vijayan
  • Posts: 52
  • Loc: india

Post 3+ Months Ago

Hi,

Thanks for reply

I have try in my end it is not that much difficult it so easy.

**********
Vijayan linux
*********

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 80 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.