auditctl filter keyword: "path"
Michael C Thompson
thompsmc at us.ibm.com
Thu May 25 15:56:03 UTC 2006
Michael C Thompson wrote:
> Hey Steve,
>
> audit-1.2.2-2 seems to be having problems with the path filter word.
>
> # auditctl -a exit,always -S open -F path=bfile
> Error sending add rule request (Invalid argument)
> # auditctl -a entry,always -S open -F path=bfile
> Error sending add rule request (Invalid argument)
Apparently path will not take relative path names... Would it be
desirable to augment the logic of auditctl to resolve the relative path
and convert it to an absolute path for rule inclusion? This is a
nice-to-have that admins will expect.
Thanks,
Mike
More information about the Linux-audit
mailing list