What is auditd?
Auditd is the userspace component to the Linux Auditing System which operates at the kernel level and provides hooks to various system calls and file system operations. System administrators can use auditd to set up rules that trigger log entries every time a process invokes a system call or accesses a file / directory. This article focuses on file system monitoring...
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.