A question about the directory watch in audit_tree.c in kernel

Steve Grubb sgrubb at redhat.com
Tue May 20 12:41:48 UTC 2008

Previous message (by thread): A question about the directory watch in audit_tree.c in kernel
Next message (by thread): A question about the directory watch in audit_tree.c in kernel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 20 May 2008 08:06:12 am Kevin Boyce wrote:
> Correct me if I am wrong, but in doing the auditctl -w /home, the only
> thing that is being audited is the inode entry for the directory itself.

Not in new kernels. I think starting in 2.6.24 we have the ability to 
recursively audit to the bottom of a given directory tree.

-Steve

Previous message (by thread): A question about the directory watch in audit_tree.c in kernel
Next message (by thread): A question about the directory watch in audit_tree.c in kernel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list