Beginner Pro

File Integrity Monitoring for Sensitive Directories

Monitor and detect unauthorized modifications, deletions, or attribute changes in sensitive directories, such as /etc/, using Auditd for real-time monitoring and Splunk for centralized log analysis.

Self-Paced by Rajneesh Gupta

Overview

This project uses Auditd to record modifications, deletions, and permission or ownership changes to files in sensitive directories such as /etc/, and Splunk to collect and analyze the resulting events centrally. Auditd watches the system calls that touch the files (writes, unlinks, attribute changes) and records who made them; it does not checksum file contents, so it answers "who changed what, when, and how" rather than "does this file still match a known-good baseline". By simulating threats such as file tampering or deletion, students gain hands-on experience setting up file integrity monitoring, analyzing the logs forensically, and applying incident response steps to secure critical system files.

Key Outcomes:

  • Configure Auditd rules that record unauthorized modifications, deletions, and permission or ownership changes to files in sensitive directories as they happen.

  • Gain practical experience in detecting file tampering by simulating attacks.

  • Forward Auditd logs to Splunk to enable centralized visibility, correlation, and long-term retention of file integrity events.

  • Analyze forensic logs in Splunk to identify the responsible user (the login user via auid, even when the change was made through sudo), the command and process involved, the timestamp, and the exact nature of each file change.

What You'll Learn

  • Real-Time File Integrity Monitoring with Auditd

    Learn how to configure Auditd watch rules to track unauthorized file modifications, deletions, and permission, ownership or other attribute changes in sensitive directories like /etc/.

  • Simulating File Tampering & Unauthorized Changes

    Understand how to safely simulate attacks such as file deletion, config changes, or unauthorized edits to generate meaningful security events.

  • Centralized Log Collection with Splunk

    See how Auditd logs are forwarded to Splunk for visibility, correlation, dashboards, and long-term event retention.

Prerequisites

  • Linux machine (Ubuntu) with Auditd installed
  • Basic understanding of Linux file permissions and directory structure
  • Root (sudo) access, needed to load audit rules and to read /var/log/audit/audit.log, which is readable only by root by default
  • Splunk instance configured to receive Auditd logs
  • Familiarity with basic terminal commands and editing configuration files

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.