Re: renameat2 syscall is not recorded
On Wednesday, March 10, 2021 5:53:42 AM EST Alan Evangelista wrote:
OM> Not sure if this is it, but there is a "-" missing
before the "S"
before "renameat2".
This was indeed the issue. I found our that was the issue when I ran
"auditctl -l". Thank you.
Is there any reason why augenrules
It has no idea about the rules, it simply compiles the master list.
and auditctl -R don't print errors to stdout when rules parsing
errors
occur?
If it's detected that the rules are in a file, they get sent to syslog because
99.99% of the time, this is system boot or initscripts and we need to make
the problem discoverable later by the system admin.
-Steve