linux-audit-bounces redhat com wrote on 11/17/2005 02:22:15 PM:
> Amy and I talked about this briefly a week or so ago. Her current
> patch will not support this functionality as-is but we think it is
> possible to develop a follow-up patch that supports watching individual
> directories. Its probably not possible to audit an entire directory
> structure with a single watch but if one is willing to specify each
> directory to be audited, then we might be able to provide that
Would it be possible to have a watch that instructs a parent to watch its
children? Perhaps that is what you are saying here... If so, that would
be a very reasonable action.
What is the limiting aspect that would not allow you to watch deeper than
just 1 set of children? Obviously, this could be set up with some kind of
script or automation on the user's behalf if its not possible, but I can see
Mont's request being a very common one.
> -- ljk
> Steve Grubb wrote:
> > On Thursday 17 November 2005 12:05, Mont Rothstein wrote:
> >>The number of files could be in the millions, far too many to add a rule
> >>for each file.
> > Amy, since the new file system audit code is using the inotify
> interface, will
> > this be possible?
> > -Steve
> > --
> > Linux-audit mailing list
> > Linux-audit redhat com
> > https://www.redhat.com/mailman/listinfo/linux-audit
> Linux-audit mailing list
> Linux-audit redhat com