System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Auditing subdirectories with linux auditd

 
Regular Advisor

Auditing subdirectories with linux auditd

Hi
I have a RHEL4 and I am trying to use the auditd daemon to monitor changes to a directory and its sub directories

Unfortunately it seems that the auditctl command can only monitor a single directory but not its sub directory

I used the following command
# auditctl -w /home/mon/checkload -p war -k moncheckload

This only monitors /home/mon/checkload but not its sub directories.

How do I use auditctl to monitor activities in sub directories too?
All Your Bases Are Belong To Us!
1 REPLY 1
Highlighted
Honored Contributor

Re: Auditing subdirectories with linux auditd

In fact, auditd purpose is to monitor at file level, not directory level. Probably, for what you want, tripwire is your option (maybe snare).
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?