The Linux Auditing System and auditd are a great way to monitor who and when changes are made to the files in your website. To install and configure follow these steps:
1. Install auditd and related utilities:
|
1 |
yum install audit |
2. Make sure auditd is running:
|
1 2 |
/sbin/chkconfig --list auditd auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
3. Edit /etc/audit/auditd.conf and change:
|
1 |
action_mail_acct = [your email address] |
This sets any action emails to go to your preferred address.
4. Edit /etc/audit/audit.rules and add a line like this to the bottom:
|
1 |
-w [path_to_website] -p wa -k [key] |
So if you website is located at:
|
1 |
/var/www/vhosts/mysite.com/httpdocs |
Then a command like:
|
1 |
-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite |
would setup auditing of write and attribute change requests. Events matching this rule would be tagged with the “mysite” key.
|
1 |
/sbin/service auditd restart |
Audit logs go to:
|
1 |
/var/log/audit/audit.log |