This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
система_linux_auditing [2017/05/29 15:30] val [Поиск событий] |
система_linux_auditing [2020/07/22 20:03] (current) val [Поиск событий] |
||
---|---|---|---|
Line 15: | Line 15: | ||
# auditctl -w /etc/passwd -p rwa -k passwords-files | # auditctl -w /etc/passwd -p rwa -k passwords-files | ||
# auditctl -w /etc/shadow -p rwa -k passwords-files | # auditctl -w /etc/shadow -p rwa -k passwords-files | ||
+ | |||
+ | # auditctl -l | ||
# cat /etc/audit/audit.rules | # cat /etc/audit/audit.rules | ||
Line 39: | Line 41: | ||
# ausearch -k passwords-files | # ausearch -k passwords-files | ||
- | |||
- | # ausearch -f /etc/passwd -i | grep user1 | ||
</code> | </code> |