The Linux Audit system provides a way to determine who violated a security policy and which actions they performed, for example by tracking malicious changes to the Oracle executable.
With the Linux Audit system we can do the following:
- Watching file access
- Monitoring system calls
- Recording commands run by a user
- Recording security events
In this short blog post I will show how we can easily use it to catch changes in the “./bin” directory.
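To show what "catching changes" looks like on the defender's side, here is an added example (not code from the original post) that parses the records auditd writes for a watch rule such as `auditctl -w /u01/app/oracle/bin -p wa -k bin_changes` and reports, per event, the login user (auid), the effective uid, the program and the files touched. The directory path, the key name `bin_changes` and the log lines themselves are constructed assumptions; the record format is the standard audit.log one.

```python
import re
from collections import defaultdict

# Constructed sample of audit.log records: event 501 is a write to ./bin/oracle made
# by login user 1001 after becoming root; event 502 is an unrelated read of /etc/hosts.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:501): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0c0a3 a2=241 a3=1b6 items=2 ppid=4321 pid=4322 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=7 comm="cp" exe="/usr/bin/cp" key="bin_changes"
type=CWD msg=audit(1700000000.123:501): cwd="/u01/app/oracle"
type=PATH msg=audit(1700000000.123:501): item=0 name="./bin/" inode=1234 dev=08:01 mode=040755 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.123:501): item=1 name="./bin/oracle" inode=1235 dev=08:01 mode=0100755 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.456:502): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0c0b3 a2=0 a3=0 items=1 ppid=4321 pid=4330 auid=1001 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=7 comm="cat" exe="/usr/bin/cat" key=(null)
type=PATH msg=audit(1700000000.456:502): item=0 name="/etc/hosts" inode=99 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')        # key=value or key="quoted value"
MSG_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')  # timestamp and event serial

def parse_record(line):
    """Split one audit record into a dict of field -> value (quotes stripped)."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = MSG_RE.search(line)
    fields["_time"], fields["_serial"] = m.group(1), m.group(2)
    return fields

def find_watched_changes(log_text, key="bin_changes"):
    """Group records by event serial and return the events tagged with the watch key."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_record(line)
            events[rec["_serial"]].append(rec)
    hits = []
    for serial, recs in sorted(events.items(), key=lambda kv: int(kv[0])):
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if syscall is None or syscall.get("key") != key:
            continue
        # PARENT entries are the directory itself; the NORMAL/CREATE entries are the files changed.
        paths = [r["name"] for r in recs if r["type"] == "PATH" and r.get("nametype") != "PARENT"]
        # auid is the original login uid and survives su/sudo, so it names the person even when uid=0.
        hits.append({"serial": serial, "time": syscall["_time"], "auid": syscall["auid"],
                     "uid": syscall["uid"], "exe": syscall["exe"], "paths": paths})
    return hits

if __name__ == "__main__":
    for h in find_watched_changes(SAMPLE_LOG):
        print(f"event {h['serial']}: login uid {h['auid']} (uid {h['uid']}) ran {h['exe']} on {h['paths']}")
```

On a live host the same function can be fed the output of `ausearch -k bin_changes --raw`, which returns only the records carrying that key.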