monitoring deletion of directories?

Steve Grubb sgrubb at redhat.com
Thu Oct 8 21:30:59 UTC 2015

Previous message (by thread): monitoring deletion of directories?
Next message (by thread): Audit record created by echo "ThisIsATest" >>/tmp/test/file11
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday, October 08, 2015 01:32:16 PM Bond Masuda wrote:
> with linux audit, how do I monitor the deletion of directories? I am
> already monitoring the unlink syscall, but it only seems to monitor
> deleted files.

There is a rmdir syscall. Add that to your rule.

-Steve

Previous message (by thread): monitoring deletion of directories?
Next message (by thread): Audit record created by echo "ThisIsATest" >>/tmp/test/file11
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list