We have enabled audit on files insode AIX systems and it's working as expected. For example, if you edit and change /etc/myfile.conf with VI, a record is shown on audit logs:
S_ENVIRON_WRITE root root Thu Feb 11 10:59:01 2016 OK vi
fichero audit object write event detected /etc/myfile.conf
But, the question:
Is possible to audit, using auditbin, the diff with original and the changed /etc/myfile.conf file?
If I remember well, auditd on Linux can do this.