Filesystem audit log

Hi, I would like to keep an audit log of any filesystem actions, not through just Samba.

Is it safe/possible to install auditd in Univention and use it to audit directories?

Gerald

Yes, see Auditd und acct

  • For installing auditd you have to enable the unmaintained repository, e.g. sudo ucr set repository/online/unmaintained=yes and univention-install auditd.
  • The same can be done graphically by using the UMC modules Repository Settings and Package management.

I recently wrote a private blog article about how to use audit, which also includes examples for logging file access.

Be warned that enabling too much logging can dramatically reduce the performance of your system!

Mastodon