Auditing subdirectories with linux auditd

kenny chia · ‎01-06-2009

Hi
I have a RHEL4 and I am trying to use the auditd daemon to monitor changes to a directory and its sub directories

Unfortunately it seems that the auditctl command can only monitor a single directory but not its sub directory

I used the following command
# auditctl -w /home/mon/checkload -p war -k moncheckload

This only monitors /home/mon/checkload but not its sub directories.

How do I use auditctl to monitor activities in sub directories too?

All Your Bases Are Belong To Us!

Ivan Ferreira · ‎01-06-2009

In fact, auditd purpose is to monitor at file level, not directory level. Probably, for what you want, tripwire is your option (maybe snare).

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Auditing subdirectories with linux auditd

Auditing subdirectories with linux auditd

Re: Auditing subdirectories with linux auditd