Is there any reason not to put many rules on one line in audit.rules?
Ex:
-a exit, always -S creat -S open -S truncate -S truncate64 -S ftruncate -S
ftruncate64 -S unlink -S link -S symlink -S rename -S mkdir -S rmdir -F
devmajor=253 -F devminor=1
Thanks,
-Mont
Show replies by date