Lightweight change control system for Linux and Unix servers

This blog has an interesting write-up on a change control system for Linux. I think it’s more of a notification system than change control, as it’s not a system as such, but it’s still very handy for small operations, or even for use on your own set of servers that you manage.

File access Auditing – File Deletions

To monitor a user who has deleted or is deleting items on the file system in an Active Directory domain, follow these simple steps.

  1. Make sure Audit Object Access > Success, Failure is enabled in the audit policy GPO for domain controllers.
    E.g. enable “Audit Object Access Events” for success and failure.
  2. Identify the folders to be audited, then use the Auditing tab in the folder properties to assign auditing to the users and to the folders, subfolders and specific items concerned.
  3. Check the Security log section of the event log on the file server in question.
    For WS2003, see Event 560 (Object Name) and Event 564 or 567.
    *** For WS 2008 ***
    560 = 4656
    562 = 4658
    567 = 4663
    For file delete events, see event IDs 4663 and 4656.
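
Step 3 can be scripted rather than read by hand in Event Viewer. The following PowerShell is an added example, not part of the original post: it pulls events 4663 and 4656 from the Security log and keeps only those where delete access was requested on a file. The `$Since` and `$PathPrefix` values are assumptions to adjust, and the `0x10000` DELETE bit comes from the standard Windows access rights, not from this page.

```powershell
# Added example: list delete-related file access events from the Security log.
# Run in an elevated PowerShell session on the file server being audited.
$Since      = (Get-Date).AddDays(-1)   # assumption: look back 24 hours
$PathPrefix = 'D:\Shares\'             # constructed sample path, change to the audited folder
$DeleteBit  = 0x10000                  # DELETE standard access right in AccessMask

$filter = @{ LogName = 'Security'; Id = 4663, 4656; StartTime = $Since }

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Convert the record to XML so the named EventData fields can be read
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = $d.InnerText
        }

        # Skip records that are not file objects or carry no access mask
        if ($data['ObjectType'] -ne 'File') { return }
        if (-not $data['AccessMask'])       { return }

        # AccessMask is logged as a hex string such as 0x10000
        $mask = [Convert]::ToInt64($data['AccessMask'], 16)
        if (($mask -band $DeleteBit) -eq 0) { return }

        # Keep only objects under the audited folder
        if ($data['ObjectName'] -notlike "$PathPrefix*") { return }

        [pscustomobject]@{
            Time       = $_.TimeCreated
            EventId    = $_.Id
            Result     = $_.KeywordsDisplayNames -join ','   # Audit Success / Audit Failure
            User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            ObjectName = $data['ObjectName']
            Process    = $data['ProcessName']
            AccessMask = $data['AccessMask']
        }
    }

if ($hits) {
    $hits | Sort-Object Time | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No delete access events found under $PathPrefix since $Since"
}
```

Event 4656 records the request for a handle with delete access (including failures), while 4663 records the access actually being used, so a failed attempt shows up only as 4656.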