问题
Corporate security policies are starting to require low level event logging. For example, file access permission changes. One solution is to use SELinux but our knowledge of this is sparse at best. Another is to replace the command with a proxy which performs auditing (this sucks though).
Any ideas?
回答1:
I think you can look at auditd: http://linux.die.net/man/8/auditd
Also check this thread please: http://www.linuxforums.org/forum/linux-security/109864-auditing-logging-all-commands-arguments.html
来源:https://stackoverflow.com/questions/1438016/how-can-i-audit-all-chmod-and-chgrp-commands