-F perm in audit rules
Gabriel Alford
ralford at redhat.com
Tue Sep 8 23:02:01 UTC 2020
Hello,
By default, does auditd audit read, write, execute, and attribute in audit
rules or do you need to specify
-F perm=wxra ?
For example,
-a always,exit -F path=/usr/bin/at -F perm=wrxa
vs
-a always,exit -F path=/usr/bin/at
Thanks and let me know if what I am asking doesn't make sense.
Gabriel Alford
Member of the technical staff
office of the chief technologist
red hat Public Sector
Red Hat
<https://www.redhat.com>
ralford at redhat.com T: 972-707-6483 <650-254-4391> M: 303-550-7234
<https://red.ht/sig> <https://red.ht/sig>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20200908/c72ef06f/attachment.htm>
More information about the Linux-audit
mailing list