Install auditd on your machine if it is not installed yet. To find out whether auditd is installed, follow these steps:
1. Open the terminal
2. Go to the installation directory of the agent (e.g. /home/.../.../bin)
3. Execute this command: ./audit_manager check
If there is no output, you do not have to install auditd. However, if the output says “Please install auditd”, you have to install auditd.
Examples for installing auditd:
sudo apt-get install auditd
or
yum install auditd
Adding a directory to audit:
1. Open the terminal
2. Go to the installation directory of the agent (e.g. /home/.../.../bin)
3. Execute this command: ./audit_manager add <full path of directory surrounded by quotes>
Example:
./audit_manager add "/home/username/Documents/"
Deleting a directory from audit:
1. Open the terminal
2. Go to the installation directory of the agent (e.g. /home/.../.../bin)
3. Execute this command: ./audit_manager delete <full path of directory surrounded by quotes>
Example:
./audit_manager delete "/home/username/Documents/"
List audit rules:
1. Open the terminal
2. Go to the installation directory of the agent (e.g. /home/.../.../bin)
3. Execute this command: ./audit_manager list
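The check, add and list steps above can be chained so that a directory is only reported as audited once it actually appears in the rule list. This wrapper is an added example, not part of the agent. AGENT_BIN and the function names are hypothetical, and it assumes that the output of ./audit_manager list contains the watched path as plain text.

```shell
#!/bin/sh
# Added example: wraps the page's check / add / list subcommands.
# AGENT_BIN (hypothetical) is the agent's bin directory; defaults to the
# current directory, matching "./audit_manager" in the steps above.
AGENT_BIN="${AGENT_BIN:-.}"

# Turn any existing directory (relative, symlinked, with spaces) into the
# full path form used in the page's examples, with a trailing slash.
resolve_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    p="$(cd -- "$1" && pwd -P)" || return 1
    printf '%s/\n' "${p%/}"
}

# Succeeds when "audit_manager check" prints nothing, i.e. auditd is present.
auditd_ready() {
    out="$("$AGENT_BIN/audit_manager" check 2>&1)"
    [ -z "$out" ]
}

# Add a directory to audit and confirm the rule is listed afterwards.
# Return codes: 2 bad path, 3 auditd missing, 4 add failed, 5 not listed.
audit_dir() {
    dir="$(resolve_dir "$1")" || return 2
    auditd_ready || { echo "auditd missing: install it first" >&2; return 3; }
    # Double quotes keep a path with spaces as one argument.
    "$AGENT_BIN/audit_manager" add "$dir" || return 4
    # Assumption: the list output contains the path as plain text.
    "$AGENT_BIN/audit_manager" list | grep -F -- "${dir%/}" >/dev/null || {
        echo "rule for $dir not listed after add" >&2; return 5; }
    printf '%s\n' "$dir"
}

# Usage: audit_dir "/home/username/Documents/"
```

A non-zero return code means the directory should not be treated as audited; on success the function prints the full path that was passed to the tool.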