Audit Linux Security: Working with the Audit Log Create audit rules to watch `/etc/passwd` for reads, `/etc/sudoers/` for reads and writes, and `/sbin/visudo` for executions. Run these commands auditctl -w By Austin Songer 23 Sep 2019