-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Can someone tell me what is the correct syntax for successfully or failing to modify a file using the chmod command? I have :
- -a exit,possible -S chmod -F success=0 -F success!=0 - -a exit,possible -S fchmod -F success=0 -F success!=0 But I am not able to audit the event. As a regular user I try to change the permissions of /etc/shadow. The action fails (as expected) but does not get audited. Any suggestions is greatly appreciated. Paul Whitney Information Systems Solutions [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRlSQSbdVg+viRqgEAQjJTAf8CHUY4lQMv7tJrdseTqe/l2n1oFwu8GNr xrIPab5+iQtRWk4OwwOnmifz1yZRyA+tO+W0hXc7UFn5c1J8YKFooAYEiTK/DvBI oE4Aeme5QDIW4MN/quq8qOeKieMUDr2oPt3ZqVW6F9u/pF/dlUaQ5OvdSchtdfLw iYMsd2rS5xtUVa0fDYEsQqz6AAaKbpuBCa6+ksxWTnPOCjYec0jpVpT3unFLA7G3 FK34zc5nfzuGimEtPb3wGvZv32wPyDDV8aD/ghw9kBYT3Fobd4LF6ZT89MbWSlja I5HW38q8elNn6an3FjWo+UV9r47tuMteIuFUatwed47yR/58xizoEg== =yBwv -----END PGP SIGNATURE----- -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
