Hi All;<br><br>I need watch to write operations from all directorys in root(/), 
but not watch example /proc and /dev paths?<br><br>Example, i write this rule to audit.rules file; with -w parameter:<br>
<br>
-w /home -p w -k WriteProcess<br>
-w /home -p r -k ReadProcess<br>
<br>
This is running, but this technic require write all directory 
names(listed all top directory names from top level root directory).<br>
<br>
Example: /home, /etc, /opt ...<br>
<br>
But yet, i need this directory names automatically watch with audit 
daemon. If adding directory to system, this directory not watching(if 
not adding manually).<br>
<br>
e.g. -&gt; user added directory to /testing(mkdir /testing). At work, 
not watch write permissions, because not defined to audit.rules file.<br>
<br>
I have try -W parameter, for remove a watch from watching list; after 
watch / directory with -w.<br>
<br>
-w / -p w<br>
-W /proc<br>
<br>But, not working?<br><br>How to configure /etc/audit/audit.rules file for my request?<br>