Audit with path exception rule
Ameel Kamboh
akamboh at nortel.com
Mon Jul 23 15:25:22 UTC 2007
I would like to audit the file system for anyone creating new files.
However, I would like to exclude a directory from the watch list.
Here is the sample I have:
#3. create/Remove any files
-a exit,always -S creat -F path!=/var/myApp <--- line 21
-a exit,always -S unlink -F path!=/var/myApp
This is giving me the following error:
auditctl -R test.rules
No rules
AUDIT_STATUS: enabled=1 flag=1 pid=3413 rate_limit=0 backlog_limit=1024
lost=0 backlog=0
Error sending add rule data request (Invalid argument)
There was an error in line 21 of test.rules
Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: akamboh at techtrial.com
email: akamboh at nortel.com