
Audit with path exception rule




I would like to audit the file system for anyone creating new files.
However, I would like to exclude a directory from the watch list.

Here is the sample I have:

#3.     create/Remove any files
-a exit,always -S creat  -F path!=/var/myApp   <--- line 21
-a exit,always -S unlink -F path!=/var/myApp

This is giving me the following error:

auditctl -R test.rules
No rules
AUDIT_STATUS: enabled=1 flag=1 pid=3413 rate_limit=0 backlog_limit=1024 lost=0 backlog=0
Error sending add rule data request (Invalid argument)
There was an error in line 21 of test.rules

Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: akamboh techtrial com
email: akamboh nortel com
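
An added example, not part of the original post: a pre-load check that reports which lines of a rules file use an operator other than `=` on a `path` or `dir` field, so the offending rule is found before `auditctl -R` rejects it. It assumes the kernel accepts only `=` for those two fields; the function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an audit rules file before loading it with auditctl -R.
# Assumption: -F path and -F dir are only accepted with the "=" operator;
# any other operator is rejected with "Invalid argument".

lint_audit_rules() {
    # $1: rules file.
    # Prints "<line number>: <field><operator>" for each offending field.
    # Returns 1 if anything was reported, 0 if the file is clean.
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "-F")                     # "-F field=value"
                    expr = $(i + 1)
                else if (substr($i, 1, 2) == "-F")  # "-Ffield=value"
                    expr = substr($i, 3)
                else
                    continue
                # path/dir followed by any comparison other than plain "="
                if (match(expr, /^(path|dir)(!=|<=|>=|<|>|&=|&)/)) {
                    printf "%d: %s\n", NR, substr(expr, 1, RLENGTH)
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

write_sample_rules() {
    # Constructed sample: the two rules from the post plus one rule using "=".
    cat > "$1" <<'EOF'
# create/remove any files
-a exit,always -S creat  -F path!=/var/myApp
-a exit,always -S unlink -F path!=/var/myApp
-a exit,always -S unlink -F dir=/var/myApp
EOF
}

# Lint the file named on the command line, if one was given.
if [ "$#" -gt 0 ]; then
    lint_audit_rules "$1"
fi
```

On the constructed sample the check reports lines 2 and 3. An exclusion of this kind is usually written as a separate `never` rule with `-F dir=` placed ahead of the `always` rule, because the first matching rule decides.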



