Re: Random files in homedir gets deleted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Friday 04 January 2008 17:18:25 Radu Radutiu wrote:
> Hi you can try to use the kernel audit facility:
> 1) enable the auditd daemon:
> service auditd start
>
> 2) enable audit for the home directory (only audit write operations to
> the directory inode); the command is not recursive and you cannot use
> wildcards
>
> auditctl -w /home/user -pw
>
> 3) after a file disapears use ausearch to find who removed it (and
> what command was used to remove it); suppose file "test" was removed
>
> ausearch -f /home/user/test

Thanks Radu for the directions.
I google for more information and found this very nice article:
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

But it seems that there's no man page for the /etc/audit.rules?
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
17:04:31 up 2:35, 2.6.22-14-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
18:43:16 up 19 min, 2.6.22-14-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux