How to use exclude directory or file
Steve Grubb
sgrubb at redhat.com
Fri May 11 13:55:25 UTC 2018
On Friday, May 11, 2018 8:01:41 AM EDT George Sarker wrote:
> Hello,
>
> I am trying to exclude a directory and all of its sub-directories and
> contents from being audited.
>
> I used this link https://access.redhat.com/solutions/416863
>
> I generated this syntax :
>
> -a never,exclude -F path=/root/test
Have you tried -a always,exclude -F path=/root/test ?
-Steve
> However, I am still getting audits from scripts generating files within
> this path.
>
> Can you suggest a proper configuration for excluding a directory along with
> its sub-directories and contents.
>
> We are on RHEL 6.9 and currently our audit version is
>
> : audit-2.4.5-3.el6.x86_64
>
> Thanks for your support!
>
> George Sarker.
More information about the Linux-audit
mailing list