How to configure PAM to Audit Login Shell User Activity on Linux

The audit system uses the pam_tty_audit PAM module to enable or disable auditing of TTY input for a specific user or all users. When the audited user logs in, pam_tty_audit module…

Audit System Time Changes on Linux|Centos|RHEL|Ubuntu|Debian

On a Linux system, by auditing a few system calls, we can easily track who makes system time changes. Refer to the solution section to know about related system calls to…

Audit or track system hostname change on Linux|Centos|RHEL|Ubuntu|Debian

On a Linux system, by auditing a few system calls and some specific files, we can easily track who changes the system hostname. Refer to the solution section to know about…

Audit or Track All Commands on Linux|Centos|RHEL|Ubuntu|Debian

On a Linux system, we get information about all commands executed in the Linux shell by monitoring the execve() system call. This article provides information on audit or track all commands on…

How To Check Who Changes or Modifies File or Directory on Linux|centos|ubuntu|RHEL

On a Linux system, we can easily track changes that occur to files or directories by using an auditd watch rule. This article will help to provide complete information on how to…

Linux Audit Architecture

What is audit daemon or service in Linux

auditd is a userspace component to the Linux Auditing System. It’s responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities….