How To Write Custom System Audit Rules on CentOS 7
The Linux Audit System creates an audit trail, a way to track all kinds of information on your system. It can record a lot of data like types of events, the date and time, user IDs, system calls, processes, files used, SELinux contexts, and sensitivity levels. It can track whether a file has been accessed, edited, or executed. It can even track if changes to file attributes.