No Denial

[Browder, Tom]

(It would be nice to be able to choose to get logging of all instances
of denial in permissive mode.)

But the denial is the same whether I do 'ls /etc/shadow' or 'mv
/etc/shadow /etc/shadow.save'.  Is there a way to show the different
system calls?

I'm sure there is, but I'm just getting started in the nitty-gritty of
this stuff and a few hints would be appreciated.

Here's my situation:  I have a customer who wants to audit specific
commands on specific files and directories, i.e., who's doing what to
whom and when.

Is there an "easy" way to do something like that?

Thanks, and I'll try not to bug you any more.

Tom Browder