Hi, I would like to keep an audit log of any filesystem actions, not through just Samba.
Is it safe/possible to install auditd in Univention and use it to audit directories?
Gerald
Yes, see Auditd und acct
- For installing
auditdyou have to enable theunmaintainedrepository, e.g.sudo ucr set repository/online/unmaintained=yesandunivention-install auditd. - The same can be done graphically by using the UMC modules
Repository SettingsandPackage management.
I recently wrote a private blog article about how to use audit, which also includes examples for logging file access.
Be warned that enabling too much logging can dramatically reduce the performance of your system!
- Similar question in German: Überwachung von Verzeichnissen