Example

Fulda, Paul (Space Technology) Paul.Fulda at ngc.com
Tue Sep 23 16:23:27 UTC 2008


Let me rephrase.  It would report an audit record only if a general user
uses the 'date' command, but do nothing if root executes it.

________________________________

From: linux-audit-bounces at redhat.com
[mailto:linux-audit-bounces at redhat.com] On Behalf Of Fulda, Paul (Space
Technology)
Sent: Tuesday, September 23, 2008 11:18 AM
To: Linux-audit at redhat.com
Subject: Example



Can someone give me an example of how to audit the "date" command in the
audit.rules file?  I would like for it to report only failures for a
user using the command.  Root using the command would report nothing.  I
can get this working for file watches but not for executables using:

-a exit,always  -w /etc/shadow -S open -F success!=1 


Thanks! 
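An added example, not part of the original post and not taken from the audit project: audit.rules lines for the request above. Assumptions: a 64-bit kernel, `date` installed at /bin/date, and the key names, which are made up here. A non-root `date -s` is refused inside the time-setting system calls, so the first rule filters on those with `success=0`.

```conf
# Added example (assumptions: 64-bit kernel, date at /bin/date, key names).

# 1. Failed attempts to set the clock by anyone other than root.
#    An unprivileged "date -s ..." is refused inside settimeofday or
#    clock_settime, so success=0 selects the failure and uid!=0 keeps
#    root out of the log. This matches any program making the call,
#    not only date.
-a exit,always -F arch=b64 -S settimeofday -S clock_settime -F success=0 -F uid!=0 -k time-set-denied

# 2. Every execution of the date binary by a non-root user,
#    whether or not the command itself goes on to fail.
-a exit,always -F path=/bin/date -F perm=x -F uid!=0 -k date-exec
```

Records produced by either rule can be pulled by key, for example `ausearch -k time-set-denied`.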
