I would like to audit the file system for anyone creating new files. However, I would like to exclude a directory from the watch list.
Here is the sample I have:

    #3. create/Remove any files
    -a exit,always -S creat -F path!=/var/myApp    <--- line 21
    -a exit,always -S unlink -F path!=/var/myApp

This is giving me the following error:

    auditctl -R test.rules
    No rules
    AUDIT_STATUS: enabled=1 flag=1 pid=3413 rate_limit=0 backlog_limit=1024 lost=0 backlog=0
    Error sending add rule data request (Invalid argument)
    There was an error in line 21 of test.rules

Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: [EMAIL PROTECTED]
email: [EMAIL PROTECTED]
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
