You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, there is a template for audit watches, called audit_rules_watch.
This template uses the -w rule parameter. Citing Audit.rules man page:
Watches can also be created using the deprecated −w format which allows for backwards compatibility at the expense of system performance as explained. Using syscall rules as shown above, you can choose between path and dir which is against a specific inode or directory tree respectively. It should also be noted that the recursive directory watch will stop if there is a mount point below the parent directory. There is an option to make the mounted subdirectory equivalent by using a -q rule.
there should be a template which uses the new format, e.g.
Currently, there is a template for audit watches, called audit_rules_watch.
This template uses the
-wrule parameter. Citing Audit.rules man page:there should be a template which uses the new format, e.g.
The text was updated successfully, but these errors were encountered: