audit rules watching paths

Warron French warron.french at gmail.com
Sun Mar 12 04:48:53 UTC 2017

Previous message (by thread): [PATCH v2] audit: log module name on delete_module
Next message (by thread): audit rules watching paths
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I know that I can add to the audit.rules file a rule like

-w /etc/ -p rawx -k watch_Etc

But how far down will this sort of audit rule monitor /etc/?  How many 
levels deep?


Thanks.

Previous message (by thread): [PATCH v2] audit: log module name on delete_module
Next message (by thread): audit rules watching paths
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list