Setting Up AIX Audit
Posted on 2013-06-16
I have a server that a set of of files are deleted each week in a specific directory. The fact it's occurring around the same time each weekend, I suspect that it's a cron process running. There are too many scripts in cron to go through so I was wondering if it's possible to enable the AIX auditing subsystem to detect when a file in a specific directory is deleted and to report who or what process removed it. If this can be done with the audit subsystem, I need help in configuring this.