Monitor your system using kernel auditing and auditctl
Use the kernel auditing system to set watches on critical files and system calls and log the activity for later anaylsis.
Use the kernel auditing system to set watches on critical files and system calls and log the activity for later anaylsis.