Audit.rules
Logging root actions by capturing execve system calls
Logging all actions performed by root might be needed for compliance or security. With the help of Linux audit, we can easily log all root actions in an audit log.
Linux Audit Framework 101 – Basic Rules for Configuration
The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.