Watch a Files to Write

List Quest listquest at gmail.com
Tue Jun 22 19:48:17 UTC 2010


Hi all,

I need to watch write operations on all directories under root (/), but not
watch, for example, the /proc and /dev paths.

For example, I wrote these rules to the audit.rules file with the -w parameter:

-w /home -p w -k WriteProcess
-w /home -p r -k ReadProcess

This works, but this technique requires writing out all directory names (listing
all top-level directory names under the root directory).

Example: /home, /etc, /opt ...

However, I need these directories to be watched automatically by the audit daemon.
If a directory is added to the system, it is not watched (unless it is added
manually).

E.g., a user adds the directory /testing (mkdir /testing). In practice, writes
to it are not watched, because it is not defined in the audit.rules file.

I have tried the -W parameter to remove a watch from the watch list, after
watching the / directory with -w.

-w / -p w
-W /proc

But this does not work.

How do I configure the /etc/audit/audit.rules file for my request?
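
The per-directory listing described in the message above can be generated instead of typed by hand. This is an added example, not part of the original post: the function name gen_watch_rules and its arguments are hypothetical, and it only emits rule lines in the `-w PATH -p w -k KEY` form shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# gen_watch_rules is a hypothetical helper: it prints one write-watch rule
# per top-level directory under ROOT, skipping the excluded names.
#
# usage: gen_watch_rules ROOT KEY [EXCLUDED_NAME ...]
gen_watch_rules() {
    root=${1%/}          # "/" becomes "" so the glob below is "/*/"
    key=$2
    shift 2
    for dir in "$root"/*/; do
        dir=${dir%/}
        # The glob stays literal when nothing matches; skip that case.
        if [ ! -d "$dir" ]; then continue; fi
        # Skip symlinks so a linked directory is not listed twice.
        if [ -L "$dir" ]; then continue; fi
        name=${dir##*/}
        # Rule fields are whitespace-separated, so skip names with spaces.
        case $name in
            *[[:space:]]*) continue ;;
        esac
        skip=0
        for ex in "$@"; do
            if [ "$name" = "$ex" ]; then skip=1; fi
        done
        if [ "$skip" -eq 1 ]; then continue; fi
        printf '%s %s -p w -k %s\n' '-w' "$dir" "$key"
    done
}

# Print rules for every top-level directory except /proc and /dev,
# using the key from the post.
gen_watch_rules / WriteProcess proc dev
```

Directories created later are only covered when the script is run again and the resulting rules are reloaded.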