<div>
<div class="content wysiwyg-content">
We have enabled &nbsp;audit on files insode AIX systems and it's working as expected. For example, if you edit and change /etc/myfile.conf with VI, a record is shown on audit logs:<br />
<br />
S_ENVIRON_WRITE root &nbsp; &nbsp; root &nbsp; &nbsp; Thu Feb 11 10:59:01 2016 OK &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;vi<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;fichero audit object write event detected /etc/myfile.conf<br />
<br />
But, the question:<br />
&nbsp;Is possible to audit, using auditbin, &nbsp;the diff with original and the changed /etc/myfile.conf file?<br />
<br />
If I remember well, auditd on Linux can do this.<br />
<br />
Thanks.
</div>
</div>


We have enabled  audit on files insode AIX systems and it's working as expected. For example, if you edit and change /etc/myfile.conf with VI, a record is shown on audit logs:

S_ENVIRON_WRITE root     root     Thu Feb 11 10:59:01 2016 OK          vi
         fichero audit object write event detected /etc/myfile.conf

But, the question:
 Is possible to audit, using auditbin,  the diff with original and the changed /etc/myfile.conf file?

If I remember well, auditd on Linux can do this.

Thanks.

show diff on audited files after editition AIX

Unix is a multitasking, multi-user computer operating system originally developed in 1969 at Bell Labs. Today, it is a modern OS with many commercial flavors and licensees, including FreeBSD, Hewlett-Packard’s UX, IBM AIX and Apple Mac OS-X. Apart from its command-line interface, most UNIX variations support the standardized X Window System for GUIs, with the exception of the Mac OS, which uses a proprietary system.