Practical Monitoring: Effective Strategies for the Real World ✍️ by Mike Julian

auditd is great for tracking user actions and other events through its high level of configurability. For example, some of the types of events it can report on: All sudo executions, the command executed, and who did it File access or changes to specific files, when, and by whom User authentication attempts and failures

2425 ↱