How to identify the user who may perform some deleting operation over a file?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
There is a folder that maybe accessible to multiple users. If there is a file was deleted, is that possible to know which user delete this file and when? Thanks.
linux command-line filesystems
edited Oct 17 '17 at 5:25
peterh
3,91882755
asked Oct 16 '17 at 21:51
user288609
3412412
add a comment |Â
up vote
1
down vote
favorite
There is a folder that maybe accessible to multiple users. If there is a file was deleted, is that possible to know which user delete this file and when? Thanks.
linux command-line filesystems
edited Oct 17 '17 at 5:25
peterh
3,91882755
asked Oct 16 '17 at 21:51
user288609
3412412
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
There is a folder that maybe accessible to multiple users. If there is a file was deleted, is that possible to know which user delete this file and when? Thanks.
linux command-line filesystems
edited Oct 17 '17 at 5:25
peterh
3,91882755
asked Oct 16 '17 at 21:51
user288609
3412412
There is a folder that maybe accessible to multiple users. If there is a file was deleted, is that possible to know which user delete this file and when? Thanks.
linux command-line filesystems
edited Oct 17 '17 at 5:25
peterh
3,91882755
asked Oct 16 '17 at 21:51
user288609
3412412
edited Oct 17 '17 at 5:25
peterh
3,91882755
edited Oct 17 '17 at 5:25
peterh
3,91882755
edited Oct 17 '17 at 5:25
peterh
3,91882755
3,91882755
asked Oct 16 '17 at 21:51
user288609
3412412
asked Oct 16 '17 at 21:51
user288609
3412412
asked Oct 16 '17 at 21:51
user288609
3412412
3412412
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
6
down vote
Yes. Use audit software. A popular implementation is audit or auditd. To help "prime the pump" on audit rules, one can acquire many audit-related rules for the software via the DISA STIG.
Although the hyperlink points to a STIG (Security Technical Implementation Guide) for RHEL6 (RedHat Linux 6), it is nonetheless a good security baseline that will be mostly appropriate for your Linux system, perhaps with some interpolation to match your Linux.
The software is developed by RedHat but available for any Linux. There is
helpful documentation available.
answered Oct 16 '17 at 22:00
Christopher
8,91022742
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
Yes. Use audit software. A popular implementation is audit or auditd. To help "prime the pump" on audit rules, one can acquire many audit-related rules for the software via the DISA STIG.
Although the hyperlink points to a STIG (Security Technical Implementation Guide) for RHEL6 (RedHat Linux 6), it is nonetheless a good security baseline that will be mostly appropriate for your Linux system, perhaps with some interpolation to match your Linux.
The software is developed by RedHat but available for any Linux. There is
helpful documentation available.
answered Oct 16 '17 at 22:00
Christopher
8,91022742
add a comment |Â
up vote
6
down vote
Yes. Use audit software. A popular implementation is audit or auditd. To help "prime the pump" on audit rules, one can acquire many audit-related rules for the software via the DISA STIG.
Although the hyperlink points to a STIG (Security Technical Implementation Guide) for RHEL6 (RedHat Linux 6), it is nonetheless a good security baseline that will be mostly appropriate for your Linux system, perhaps with some interpolation to match your Linux.
The software is developed by RedHat but available for any Linux. There is
helpful documentation available.
answered Oct 16 '17 at 22:00
Christopher
8,91022742
add a comment |Â
up vote
6
down vote
up vote
6
down vote
Yes. Use audit software. A popular implementation is audit or auditd. To help "prime the pump" on audit rules, one can acquire many audit-related rules for the software via the DISA STIG.
Although the hyperlink points to a STIG (Security Technical Implementation Guide) for RHEL6 (RedHat Linux 6), it is nonetheless a good security baseline that will be mostly appropriate for your Linux system, perhaps with some interpolation to match your Linux.
The software is developed by RedHat but available for any Linux. There is
helpful documentation available.
answered Oct 16 '17 at 22:00
Christopher
8,91022742
Yes. Use audit software. A popular implementation is audit or auditd. To help "prime the pump" on audit rules, one can acquire many audit-related rules for the software via the DISA STIG.
Although the hyperlink points to a STIG (Security Technical Implementation Guide) for RHEL6 (RedHat Linux 6), it is nonetheless a good security baseline that will be mostly appropriate for your Linux system, perhaps with some interpolation to match your Linux.
The software is developed by RedHat but available for any Linux. There is
helpful documentation available.
answered Oct 16 '17 at 22:00
Christopher
8,91022742
edited Oct 16 '17 at 22:06
answered Oct 16 '17 at 22:00
Christopher
8,91022742
answered Oct 16 '17 at 22:00
Christopher
8,91022742
answered Oct 16 '17 at 22:00
Christopher
8,91022742
8,91022742
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f398504%2fhow-to-identify-the-user-who-may-perform-some-deleting-operation-over-a-file%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
