Friday 22 March 2013

AUDITD CONFIGURATION TO MONITOR ADDITION AND DELETION IN /VAR/WWW

Install auditd to monitor addition and deletion of files in /var/www.
# To install auditd on Ubuntu
apt-get install auditd

nano /etc/audit/audit.rules

# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.

# First rule - delete all
-D

# Increase the buffers to survive stress events.
# Make this bigger for busy systems
-b 1024

# Syscall rules: record file and directory removals, clock changes and
# resource-limit changes when the syscall exits. Syscall names are given
# plainly; the ".*" suffix seen in some old sample rule files is not
# accepted by auditctl. stime exists only as a 32-bit syscall, so on a
# 64-bit kernel it needs -F arch=b32 (or use settimeofday / clock_settime).
-a exit,always -S unlink -S rmdir
-a exit,always -S stime
-a exit,always -S setrlimit

# Watches: log writes (w) and attribute changes (a) to the web root and
# to the account and privilege files
-w /var/www -p wa
-w /etc/group -p wa
-w /etc/passwd -p wa
-w /etc/shadow -p wa
-w /etc/sudoers -p wa

# Lock the configuration: no further rules can be added or changed,
# so adding *new* rules later will require a reboot
-e 2


Reboot the system so the rules are loaded when auditd starts; they will then be active.

To search for addition or deletion activity in /var/www:
ausearch -f /var/www
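Reviewing `ausearch -f /var/www` output by hand gets tedious once the watch has been running for a while, because each event is split across SYSCALL, CWD and PATH records that share only a serial number. The following script, an added example that is not part of the original post, joins those records by serial and reports only file creations and deletions under /var/www together with the user, login uid and program responsible. It reads the raw record format written to /var/log/audit/audit.log (also printed by `ausearch --raw`); the audit records embedded in it are constructed for illustration, not captured from a real host.

```python
"""Summarise file creations and deletions under a watched directory from
raw audit records (the format in /var/log/audit/audit.log and from
`ausearch -f /var/www --raw`). Added example, not part of the original post."""
import re
import sys
from collections import defaultdict

WATCHED_DIR = "/var/www"

# Constructed sample records (not captured from a real host). Event 501: a
# PHP worker (uid 33) creates a file; event 502: root deletes a file with rm;
# event 503: a read outside /var/www that the report must ignore.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1363960000.123:501): arch=c000003e syscall=2 success=yes exit=3 a0=7fff0 a1=241 a2=1b6 a3=0 items=2 ppid=1200 pid=1234 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="php5" exe="/usr/bin/php5" key=(null)
type=CWD msg=audit(1363960000.123:501):  cwd="/var/www"
type=PATH msg=audit(1363960000.123:501): item=0 name="/var/www/" inode=1001 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1363960000.123:501): item=1 name="/var/www/upload.php" inode=1002 dev=08:01 mode=0100644 ouid=33 ogid=33 rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(1363960001.456:502): arch=c000003e syscall=87 success=yes exit=0 a0=7fff1 a1=0 a2=0 a3=0 items=2 ppid=2000 pid=2001 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="rm" exe="/bin/rm" key=(null)
type=CWD msg=audit(1363960001.456:502):  cwd="/root"
type=PATH msg=audit(1363960001.456:502): item=0 name="/var/www/" inode=1001 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1363960001.456:502): item=1 name="/var/www/index.html" inode=1003 dev=08:01 mode=0100644 ouid=33 ogid=33 rdev=00:00 nametype=DELETE
type=SYSCALL msg=audit(1363960002.789:503): arch=c000003e syscall=2 success=yes exit=3 a0=7fff2 a1=0 a2=0 a3=0 items=1 ppid=2000 pid=2002 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1363960002.789:503): item=0 name="/etc/hostname" inode=2001 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

# Header shared by every record: type, timestamp and the serial that ties
# the SYSCALL, CWD and PATH records of one event together.
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# key=value pairs; values are either double-quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_records(text):
    """Group raw records by event serial: {serial: [(record_type, fields), ...]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue  # skips ausearch separators ("----") and blank lines
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("body"))}
        fields["timestamp"] = float(m.group("ts"))
        events[int(m.group("serial"))].append((m.group("type"), fields))
    return events


def file_changes(events, watched=WATCHED_DIR):
    """One summary per file CREATE or DELETE under `watched`, attributed to the
    actor recorded in the event's SYSCALL record (uid, login uid, command, binary)."""
    prefix = watched.rstrip("/") + "/"
    changes = []
    for serial in sorted(events):
        records = events[serial]
        syscall = next((f for t, f in records if t == "SYSCALL"), {})
        for rtype, f in records:
            if rtype != "PATH" or f.get("nametype") not in ("CREATE", "DELETE"):
                continue
            if not f.get("name", "").startswith(prefix):
                continue
            changes.append({
                "serial": serial,
                "time": f["timestamp"],
                "action": f["nametype"],
                "path": f["name"],
                "uid": syscall.get("uid"),
                "auid": syscall.get("auid"),  # login uid, survives su/sudo
                "comm": syscall.get("comm"),
                "exe": syscall.get("exe"),
                "success": syscall.get("success"),
            })
    return changes


def format_change(c):
    """Render one change as a single report line."""
    return (f"{c['action']:6} {c['path']} by uid={c['uid']} auid={c['auid']} "
            f"via {c['exe']} ({c['comm']}) success={c['success']}")


if __name__ == "__main__":
    # Usage: ausearch -f /var/www --raw | python3 www_changes.py
    # Without piped input the constructed sample above is reported.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for change in file_changes(parse_records(raw or SAMPLE_LOG)):
        print(format_change(change))
```

The `auid` field is worth keeping in any such report: it is the uid the session logged in with and is unchanged by `su` or `sudo`, so a deletion performed as root still points back to the account that started the session. The parent-directory PATH record (`nametype=PARENT`) is dropped deliberately, since only the CREATE and DELETE entries describe the file that changed.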
