Auditd or audit daemon, is a userspace component to the Linux Auditing System. It’s responsible for writing audit records to the disk.

Use man auditd to see more detail about auditd; or man ausearch to see more detail about ausearch tool.

Audit a directory

Audit a file

Example

Install auditd

List auditd rules

Start auditd

View the audit log

View audit reports