'Nested rule' error message when getting auditd set up on my server

Tola Odejayi tolaodejayi at gmail.com
Sat Sep 29 22:49:25 UTC 2012


Hello,

I'm trying to figure out which processes are deleting files from a specific
directory, so I want to set up and run auditd on my system.

I've set up the following (only) rule in audit.rules:

-a exit,always -F arch=x86_64 -S unlinkat -S truncate -S ftruncate -F dir=/home/myfolder/cache -F key=cache_deletion

Then I type this to start the audit daemon:

auditctl -R /etc/audit/audit.rules -e 1

But I get this error message:

Error - nested rule files not supported

Does anyone know what I am doing wrong here, and how I can resolve this?

Tola