Brennan, William C wrote:
Okay, I’m a newbie, so excuse this question if the answer seems obvious.I’ve looked at auditctl to see how it can help us audit several different conditions, but I can’t figure out how to do the following:How do I configure parameters for auditctl to make an audit record every time a file is executed?
On i386: -a entry,always -F arch=i386 -S execve On x86_64, you need the above in addition to: -a entry,always -F arch=x86_64 -S execve Matt -- Matthew Booth, RHCA, RHCSS Red Hat, Global Professional Services M: +44 (0)7977 267231 GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
signature.asc
Description: OpenPGP digital signature
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
