Hello,
How can I find which parts of the system changed and by who? For example, the IP address of a NIC or the content of a file.
Thank you.
Which parts of system changed and by who?
Re: Which parts of system changed and by who?
ruwolf wrote: You probably want something like auditd.
I guess it is installed by default? A log file like "audit" under the "var" directory never tells me which parts of the system changed. For example, the IP address of eth0 was 192.168.0.1 and the "jason" user changed it to "192.168.0.2".
Re: Which parts of system changed and by who?
I installed it and did a test as below:
Code:
# auditctl -w "/etc/networks" -k "network_log"
Then I opened that file with "nano" and added a comment line, then:
Code:
# ausearch -k "network_log" | aureport -f -i
But it can't show me the line that I added.
Any idea?
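Added example, not part of the thread and not code from the audit project: a watch like the one above tags each event with the key network_log, and the raw audit records name the login UID (auid), the uid, the executable and the path for that event, though not the file's contents. This Python sketch groups records by event ID to answer "by who"; the sample log lines are constructed, and `who_changed` and `parse_fields` are hypothetical helper names.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample of raw audit.log records (not taken from the thread).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.123:421): arch=c000003e syscall=257 success=yes exit=3 items=2 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="nano" exe="/usr/bin/nano" key="network_log"
type=CWD msg=audit(1700000000.123:421): cwd="/root"
type=PATH msg=audit(1700000000.123:421): item=0 name="/etc/" inode=2 nametype=PARENT
type=PATH msg=audit(1700000000.123:421): item=1 name="/etc/networks" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.500:430): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=1 pid=2000 auid=4294967295 uid=0 gid=0 tty=(none) ses=4294967295 comm="cat" exe="/usr/bin/cat" key="other_key"
type=PATH msg=audit(1700000050.500:430): item=0 name="/etc/hosts" inode=140 nametype=NORMAL
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
UNSET_AUID = "4294967295"  # (uint32)-1: no login session, e.g. a daemon


def parse_fields(body):
    """Split 'k=v k="v w"' pairs; shlex handles the quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(body) if "=" in tok)


def who_changed(log_text, key):
    """Return one summary dict per audit event tagged with `key`."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = parse_fields(body)
        ev = events[(ts, serial)]  # records of one event share timestamp:serial
        if rtype == "SYSCALL":
            ev.update(time=float(ts), serial=int(serial), key=fields.get("key"),
                      auid=fields.get("auid"), uid=fields.get("uid"),
                      exe=fields.get("exe"))
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields.get("name"))
    hits = [e for e in events.values() if e.get("key") == key]
    for e in hits:
        # auid survives su/sudo, so it points at the account that logged in
        e["login_user_known"] = e["auid"] != UNSET_AUID
    return sorted(hits, key=lambda e: e["serial"])
```

The numeric auid maps to an account name through the system's user database; file names that audit hex-encodes (for example names containing spaces) are not decoded by this sketch.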