How to monitor filesystem changes with auditd

What is auditd?

Auditd is the userspace component to the Linux Auditing System which operates at the kernel level and provides hooks to various system calls and file system operations. System administrators can use auditd to set up rules that trigger log entries every time a process invokes a system call or accesses a file / directory. This article focuses on file system monitoring...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

How to monitor filesystem changes with auditd

What is auditd?

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

What is auditd?

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links