Quote:
Originally Posted by kk1001
How should I know who has accessed the /var/log folder except root? If anyone has tried to access any log files, where will the error message be generated?
MAC works on top of DAC, so if the DAC doesn't allow it then the MAC doesn't need to be queried and doesn't need to generate any rejects. And if there are no audit rules specified then they won't be triggered.
Quote:
Originally Posted by kk1001
I also want to know who has modified what file on a daily basis.
Without any details I'd say a combination of a logging shell (Rootsh), Auditd rules (or LoggedFS?), remote syslog.
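
The Auditd approach mentioned above, as an added example that is not part of the original reply: two audit rules for /var/log (shown as comments) and a summarizer run over constructed SYSCALL records. The key names `varlog_access` and `varlog_denied`, the rules file path and the sample records are assumptions made for illustration.

```shell
# Assumed rules, e.g. in /etc/audit/rules.d/varlog.rules:
#   -w /var/log -p rwa -k varlog_access
#   -a always,exit -F arch=b64 -S open,openat -F dir=/var/log \
#      -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k varlog_denied
# The second rule records opens refused by DAC (EACCES), which never reach
# the MAC layer and so leave no MAC reject to look for.

# Constructed sample records, in the layout of /var/log/audit/audit.log.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1700000001.101:201): arch=c000003e syscall=257 success=no exit=-13 ppid=2100 pid=2101 auid=1001 uid=1001 euid=1001 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="varlog_denied"
type=SYSCALL msg=audit(1700000002.102:202): arch=c000003e syscall=257 success=no exit=-13 ppid=2100 pid=2102 auid=1001 uid=1001 euid=1001 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="varlog_denied"
type=SYSCALL msg=audit(1700000003.103:203): arch=c000003e syscall=257 success=yes exit=3 ppid=2200 pid=2201 auid=1002 uid=0 euid=0 tty=pts1 ses=4 comm="vim" exe="/usr/bin/vim" key="varlog_access"
type=SYSCALL msg=audit(1700000004.104:204): arch=c000003e syscall=257 success=yes exit=5 ppid=1 pid=640 auid=4294967295 uid=0 euid=0 tty=(none) ses=4294967295 comm="rsyslogd" exe="/usr/sbin/rsyslogd" key="varlog_access"
type=SYSCALL msg=audit(1700000005.105:205): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2103 auid=1001 uid=1001 euid=1001 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key="other_rule"
EOF
}

# Reads audit records on stdin and counts /var/log events per login user.
# Grouping uses auid (the login uid), which stays the same after su or sudo,
# so a user working as uid 0 is still reported under the original account.
summarize_varlog() {
  awk '
    $1 == "type=SYSCALL" && /key="varlog_(access|denied)"/ {
      auid = ok = exe = ""
      for (i = 2; i <= NF; i++) {
        p = index($i, "=")
        k = substr($i, 1, p - 1); v = substr($i, p + 1)
        if (k == "auid") auid = v
        else if (k == "success") ok = v
        else if (k == "exe") { gsub(/"/, "", v); exe = v }
      }
      # Skip direct root logins and daemons with no login uid (4294967295).
      if (auid == "" || auid == "0" || auid == "4294967295") next
      n["auid=" auid " success=" ok " exe=" exe]++
    }
    END { for (k in n) print k " count=" n[k] }
  ' | sort
}

sample_audit_log | summarize_varlog
```

On a live system, `ausearch -k varlog_denied -i` returns the same events with uids resolved to names.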