What would the appropriate syscall be in the audit.rules file to log file deletions with auditd? I'm thinking the syntax would be something akin to -w entry, always -S delete, but that doesn't seem to work...
Thanks to all...
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
