echo "" > /file/to/watch
or cat some_file > /file/to/watchwithout generating audit events. I assume this has to do with how the kernel handles re-direction. Is it possible to catch these modifications?
Thanks, Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
