Audit delete commands in Linux
(This article is the essence of a post from this Redhat Archive and it goes as follows: Problem: You need to detect what deletes files on your Linux Solution: Using auditd, with the right flags, you could get a lot of information. In Practice: If the mount point/directory is /oracle, then: (as root:) auditctl –w /oracle -k whodeletedit -p…