Hi Team,
We have requirement where we have to monitor and log any read operations performed on a file.
e.g. /a/b/c/xyz.log
This file is usually copied and downloaded by many users using various operations, like, wget, ssh, jsp Download link provided. These commands are fired from different hosts.
With the auditd we want to create a rule which auditctl can leverage to log the User ID that is reading (and copying) it from a different host may be. I have gone through many of the rules but didn't find anything fruitful as such (which logs wget, scp commands from remote hosts). May be I am missing on something. Since it is a very crucial requirement, appreciate your guidance and directions with this.
Let me know in case you require any further information from my end. Many thanks in advance.
Thanks and Regards,Varun Gulati