Example
Fulda, Paul (Space Technology)
Paul.Fulda at ngc.com
Tue Sep 23 16:18:27 UTC 2008
Can someone give me an example of how to audit the "date" command in the
audit.rules file. I would like for it to report only failures for a
user using the command. Root using the command would report nothing. I
can get this working for file watches but not for executables using:
-a exit,always -w /etc/shadow -S open -F success!=1
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20080923/d0fca8ca/attachment.htm>
More information about the Linux-audit
mailing list