Monitoring files

Richard Guy Briggs rgb at redhat.com
Tue Apr 24 15:14:50 UTC 2018


On 2018-04-23 23:41, F Rafi wrote:
> Adding a -i to the rules file should ignore any errors.

At risk of feature creep, it might be nice to have a flag to ignore
certain rules but not others, a way to tag individual rules with either
a must, or a different tag with "ignore if not present" for file rules.

> -Farhan
> 
> On Mon, Apr 23, 2018 at 9:19 PM, warron.french <warron.french at gmail.com> wrote:
> > Hi, I have a requirement to monitor a ton of files, executables and config
> > files.
> >
> > Anyway, not all of my systems have every file in the list; and when I add
> > the rules appropriate, either as a Watch (-w) rule or as an Action (-a)
> > rule, the rules stop loading when they find a rule that has a file that
> > doesn't exist *on that particular system*.
> >
> > This is the intended effect, yes?
> >
> > Thanks in advance,
> > --------------------------
> > Warron French

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
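
The per-rule "ignore if not present" idea discussed above can be approximated by pre-filtering one shared rules file on each host before loading it. This is an added example, not part of the original thread or of the audit userspace tools; the trailing ` #optional` tag and the function names are hypothetical conventions, and rule paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: drop rules tagged " #optional" when their target path is
# missing on this host. Untagged rules are passed through unchanged, so a
# missing "must" file still makes the load fail.
# The " #optional" tag is a hypothetical convention, not auditctl syntax.

# Print the path a rule refers to: "-w PATH", "-F path=PATH" or "-F dir=PATH".
# The body is a subshell so that "set -f" (no globbing) stays local to it.
rule_path() (
    set -f
    prev=""
    for word in $1; do
        case "$prev" in
            -w) printf '%s\n' "$word"; exit 0 ;;
            -F) case "$word" in
                    path=*|dir=*) printf '%s\n' "${word#*=}"; exit 0 ;;
                esac ;;
        esac
        prev=$word
    done
    exit 1   # rule names no file or directory
)

# Read the shared rules on stdin, write this host's rules on stdout.
# The tag is stripped from every emitted rule.
filter_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *" #optional")
                rule=${line%" #optional"}
                if path=$(rule_path "$rule") && [ ! -e "$path" ]; then
                    printf '# skipped, not present: %s\n' "$path"
                else
                    printf '%s\n' "$rule"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Usage: filter_rules < all-hosts.rules > this-host.rules
#        auditctl -R this-host.rules
```

Each skipped rule leaves a comment line in the output, so a review of the generated file shows which watches are absent on that host.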



