Was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data logs. Basically I'm trying to find out if someone has changed auditing policy or logs to try to hide nefarious activities from being captured in both Linux and Windows. I know Windows has EventCodes such as 4715, 4719, 4908, and 4912 that are audited, even if audit is changed or turned off, but am I missing something else, and what is the best way to try to find it in Linux?