I wonder if someone can help me with an audit rule issue?
I want to log if someone uses the rpm command (to install/upgrade packages), but not the rest of commands. Only the rpm command!
Is it possible? If so, can anyone please tell me how to write the rule string? I’ve searched the internet, without success.