RHEL 4, Auditing
Hi All;
I trying RHEL 4.x series auditing.
Example:
Audit version: audit-1.0.15-3.EL4
-w /root -p w
config line added to audit.rules; but this config watch only "/root"
directory writes. Do not watch "/root/Desktop", "/root/test", etc...
I can't recusive directory watch; like audit version audit-1.7.17-3
How this?
Thank you
Best Regards.
Attachments:
- attachment.html (text/html — 440 bytes)