Audit delete commands in Linux

(This article is the essence of a post from this Redhat Archive and it goes as follows: Problem: You need to detect what deletes files on your Linux Solution: Using auditd, with the right flags, you could get a lot of information. In Practice: If the mount point/directory is /oracle, then: (as root:) auditctl –w /oracle -k whodeletedit -p…

|

Quick and dirty delete old files, with exclude list and support for filenames with spaces

Here’s a little script I’ve written which deletes older than AGE days files, and has an exclude list, just in case. It’s meant to be run by cron on a daily basis: #!/bin/sh # Source of all evil DIR=/ftp # Age of file in days AGE=10 # Exclude list – Use pipe (|) seperated values….