auditctl: how do I remove a watch?
Michael Convey
smconvey at gmail.com
Mon Nov 8 17:27:47 UTC 2010
Per the man page, to remove a watch, do the following:
-W path
Remove a watch for the file system object at path.
However, I get the following:
# auditctl -l
LIST_RULES: exit,always watch=/etc/hosts perm=rwa key=hosts-file
LIST_RULES: exit,always watch=/etc/resolv.conf perm=wa key=resolv
# auditctl -W /etc/hosts
Error sending delete rule data request (No such file or directory)
What am I doing wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20101108/f6304fd5/attachment.htm>
More information about the Linux-audit
mailing list