Audit 23 September 2019 Linux Security: Working with the Audit Log Create audit rules to watch `/etc/passwd` for reads, `/etc/sudoers/` for reads and writes, and `/sbin/visudo` for executions. Run these commands auditctl -w