The auditctl man page specifies that you may specify multiple syscalls in a
rule, but it doesn't show and I can't figure out the format for this.
Could someone please enlighten me? I am trying to audit all access to files
(read, write, remove). I believe all I need to do is audit open, write, and
rmdir in a single rule. I just can't figure out how to format it.
Thanks,
-Mont