How to monitor filesystem changes with auditd

Updated -

What is auditd?

Auditd is the userspace component to the Linux Auditing System which operates at the kernel level and provides hooks to various system calls and file system operations. System administrators can use auditd to set up rules that trigger log entries every time a process invokes a system call or accesses a file / directory. This article focuses on file system monitoring...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content