audit

The answer is to use the 2.6 kernel's audit system. Modern Linux kernels (2.6.x) come with the auditd daemon, which is responsible for writing audit records to disk. During startup, the daemon reads the rules in /etc/audit.rules. You can open /etc/audit.rules and make changes such as setting the audit log file location and other options. The default file is good enough to get started with auditd.
Current version: 2.8.3

History

| Effective Date | Table ID | Version | Download URL | Project URL | Version URL |
|---|---|---|---|---|---|
| 2024-08-26 | 12 | 3.1.2 | download | project | version |
| 2022-03-31 | 11 | 3.0 | download | project | version |
| 2020-12-22 | 10 | 3.0 | download | project | version |
| 2019-01-17 | 9 | 2.8.3 | download | project | version |
| 2017-07-13 | 8 | 2.4.1 | download | project | version |
| 2015-06-25 | 7 | 2.2.1 | download | project | version |
| 2014-03-07 | 6 | 2.2.1 | download | project | version |
| 2013-09-10 | 5 | 2.2.1 | download | project | version |
| 2012-10-31 | 4 | 2.1.3 | download | project | version |
| 2012-05-01 | 3 | 2.1.3 | download | project | version |
| 2005-11-08 | 2 | audit-1.1 | download | project | version |