[PATCH] Update auditctl man page for new example on shell escaping.
Romesh Upadhyay
romupadh at gmail.com
Thu Sep 2 06:14:44 UTC 2021
This commit will add additional example in auditctl(8) manpage which will
help users to use shell escaping while defining the rules through auditctl
command. As some characters require escaping when invoked from a shell.
It is known issue that shell interpret '>' as redirection which results
in auditctl giving errors like "-F missing operation for auid".
Signed-off-by: Romesh Upadhyay <romupadh at gmail.com>
---
docs/auditctl.8 | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/auditctl.8 b/docs/auditctl.8
index 8069259..e987452 100644
--- a/docs/auditctl.8
+++ b/docs/auditctl.8
@@ -317,6 +317,12 @@ To watch a file for changes (2 ways to express):
.B auditctl \-a always,exit \-F path=/etc/shadow \-F perm=wa
.fi
+Using shell escaping in bash by defining '\' before '>' to avoid interpretation of special characters such as '>','<' as a file redirection:
+
+.nf
+.B auditctl \-a exit,always \-F arch=b64 \-S fchmodat \-F auid\>=500 \-F auid\!=4294967295 \-k perm_mod
+.fi
+
To recursively watch a directory for changes (2 ways to express):
.nf
--
1.8.3.1
More information about the Linux-audit
mailing list