Originally Posted by unSpawn
By default Linux distributions do not come with a perfect audit trail configured out of the box. So until you configure one (audit service, LoggedFS, rootsh, etc, etc) there'll be only inode meta data (see 'man stat'), users shell history (if any) or application "recent files" functionality (if any), none of which should be taken as complete or authoritative.
cool , I found the application "LoggedFS" but now I tried to understand couple things..
where do the logs are going? (where I can find them)?
is it possible that it will go into CSV file?
can I filter to see only "READ" ?
and how can I configure on what places it will monitor? is it possible to monitor "everything" ? all partitions etc?
i just came from windows and I don't know nothing about linux ! so complicated HAHA all these terminal commands !