book

Mastering Linux Security and Hardening

by Donald A. Tevault

January 2018

Intermediate to advanced

376 pages

8h 45m

English

Packt Publishing

Read now

Unlock full access

Content preview from Mastering Linux Security and Hardening

Auditing a file for changes

Now, let's say that we want to see when someone changes the /etc/passwd file. (The command that we'll use will look a bit daunting, but I promise that it will make sense once we break it down.) Look at the following code:

[donnie@localhost ~]$ sudo auditctl -w /etc/passwd -p wa -k passwd_changes[sudo] password for donnie:[donnie@localhost ~]$ sudo auditctl -l-w /etc/passwd -p wa -k passwd_changes[donnie@localhost ~]$

Here's the breakdown:

-w: This stands for where, and it points to the object that we want to monitor. In this case, it's /etc/passwd.
-p: This indicates the object's permissions that we want to monitor. In this case, we're monitoring to see when anyone either tries to (w)rite to the file, or tries ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Linux Security and Hardening, The Practical Security Guide

Jason Cannon

Learning Linux Security

Ric Messier

Mastering Linux Administration

Alexandru Calcatinge, Julian Balog

Practical Linux System Administration

Kenneth Hess

Publisher Resources

ISBN: 9781788620307Other