Goal: Detect new, removed, or modified web server accounts
Apache web server accounts are stored in a .htaccess file. This is commonly found near, but not in the directory tree that holds your actual web content (/var/www/html/ in this example). By monitoring this file for changes, you can tell if accounts are added, deleted, or modified.
(Modify to match the locations of your .htpasswd file(s) )