Hi,

 

I have this rule in audit.rules : -w /usr/sbin/useradd -p x -k user_modification

 

When I add a user, and do a ausearch –m ADD_USER   I get 0 match.  Am I doing something wrong here?  I am using version 1.8.

 

 

 

Thanks