linux-audit-bounces@redhat.com wrote on 11/17/2005 02:22:15 PM:

>
> Amy and I talked about this briefly a week or so ago.  Her current
> patch will not support this functionality as-is but we think it is
> possible to develop a follow-up patch that supports watching individual
> directories.   Its probably not possible to audit an entire directory
> structure with a single watch but if one is willing to specify each
> directory to be audited, then we might be able to provide that
> capability.

Would it be possible to have a watch that instructs a parent to watch its
children? Perhaps that is what you are saying here... If so, that would
be a very reasonable action.

What is the limiting aspect that would not allow you to watch deeper than
just 1 set of children? Obviously, this could be set up with some kind of
script or automation on the user's behalf if its not possible, but I can see
Mont's request being a very common one.

Mike

>
> -- ljk
>
>
> Steve Grubb wrote:
> > On Thursday 17 November 2005 12:05, Mont Rothstein wrote:
> >
> >>The number of files could be in the millions, far too many to add a rule
> >>for each file.
> >
> >
> > Amy, since the new file system audit code is using the inotify
> interface, will
> > this be possible?
> >
> > -Steve
> >
> > --
> > Linux-audit mailing list
> > Linux-audit@redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
> >
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit