How to enable FILE AUDITING in Linux?
Posted on 2007-10-10
I am running a SAMBA server On RedHat Enterprise Linux 3, and am sharing out an entire directory tree to Windows users on a Windows network.
Someone on the network is deleting / changing files in this subtree, and I need to somehow be able to audit this. Can anyone make suggestions? Here are some of my concerns:
- I'm not very familiar with Linux, although I'm not afraid of getting around it.
- I'm running SAMBA, but I'm not sure if SAMBA is linked to my Active Directory for users authentication, or if LINUX is just allowing ALL calls to the share / directory tree (how can I determine this?)
- If SAMBA is just allowing open access via the SAMBA service account (or however SAMBA runs), if auditing is enabled, is there any way to see what COMPUTER connected to the share and changed / deleted?
Any help is appreciated, thanks!