[CentOS] Random files in homedir gets deleted

Fri Jan 25 11:43:45 UTC 2008
Fajar Priyanto <fajarpri at cbn.net.id>

On Friday 04 January 2008 17:18:25 Radu Radutiu wrote:
> Hi you can try to use the kernel audit facility:
> 1) enable the auditd daemon:
> service auditd start
>
> 2) enable audit for the home directory (only audit write operations to
> the directory inode); the command is not recursive and you cannot use
> wildcards
>
> auditctl -w /home/user -pw
>
> 3) after a file disapears use ausearch to find who removed it (and
> what command was used to remove it); suppose file "test" was removed
>
> ausearch -f /home/user/test

Thanks Radu for the directions.
I google for more information and found this very nice article:
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

But it seems that there's no man page for the /etc/audit.rules?
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
17:04:31 up 2:35, 2.6.22-14-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
18:43:16 up 19 min, 2.6.22-14-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20080125/4cba531a/attachment-0004.sig>