Linux Security Auditing with auditd: Server Event Monitoring

Security · 19.04.2026
Linux Security Auditing with auditd: Server Event Monitoring 
apt install auditd -y && systemctl enable --now auditd
echo "-w /etc/passwd -p wa -k user_changes" >> /etc/audit/rules.d/audit.rules
echo "-w /var/www/ -p wa -k web_changes" >> /etc/audit/rules.d/audit.rules
augenrules --load
ausearch -k web_changes --start today
← Back to Knowledge Base Ask Support