"Watch"ing a directory
Ameel Kamboh
akamboh at nortel.com
Wed Aug 22 20:16:58 UTC 2007
For recursive watch can you exclude an inode from the watch list.
For example, I want a recursive watch on all directories and their sub
dir under /var
But would like to exclude /var/log specifically?
Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: akamboh at techtrial.com
email: akamboh at nortel.com
-----Original Message-----
From: Steve Grubb [mailto:sgrubb at redhat.com]
Sent: Wednesday, August 22, 2007 11:10 AM
To: Kamboh, Ameel (RICH1:B670)
Cc: Sankarshan Mukhopadhyay; linux-audit at redhat.com
Subject: Re: "Watch"ing a directory
On Wednesday 22 August 2007 11:05:07 Ameel Kamboh wrote:
> Is that in the RHEL5 distribution?
It will be in 5.1. You can already access it in the beta channel.
> Which versions of audit and kernel support recursive dir watch?
audit-1.5.5-6 and kernel-2.6.18-40.el5. Newer versions work even better.
For Fedora, it will have to wait until either 2.6.23 or 24 depending on
how fast the patch gets pulled into mainline. It was in -mm tree,
though.
-Steve
More information about the Linux-audit
mailing list