Watch in audit 1.6
Ameel Kamboh
akamboh at nortel.com
Tue Jan 20 16:11:52 UTC 2009
We are using audit 1.6 in our system.
When I add a watch rule for write and append to a directory, the log
will report any changes to the directory and all the sub directories as
well.
Is there a way to exclude watching sub directories as well?
Example:
Watch directory /var/mydir
The tree for mydir is as follows:
/var/mydir
    |
    ---- runtime
    |
    ---- dir1
    |
    ---- dir2
I would like to watch /var/mydir + /var/mydir/dir1 + /var/mydir/dir2,
but exclude /var/mydir/runtime
Rule:
-w /var/mydir -p aw
Is there a way to do what I am asking?
Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: akamboh at techtrial.com
email: akamboh at nortel.com