This commit will add additional example in auditctl(8) manpage which will
help users to use shell escaping while defining the rules through auditctl
command. As some characters require escaping when invoked from a shell.
It is known issue that shell interpret '>' as redirection which results
in auditctl giving errors like "-F missing operation for auid".
Signed-off-by: Romesh Upadhyay <romupadh(a)gmail.com>
---
docs/auditctl.8 | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/auditctl.8 b/docs/auditctl.8
index 8069259..e987452 100644
--- a/docs/auditctl.8
+++ b/docs/auditctl.8
@@ -317,6 +317,12 @@ To watch a file for changes (2 ways to express):
.B auditctl \-a always,exit \-F path=/etc/shadow \-F perm=wa
.fi
+Using shell escaping in bash by defining '\' before '>' to avoid
interpretation of special characters such as '>','<' as a file
redirection:
+
+.nf
+.B auditctl \-a exit,always \-F arch=b64 \-S fchmodat \-F auid\>=500 \-F
auid\!=4294967295 \-k perm_mod
+.fi
+
To recursively watch a directory for changes (2 ways to express):
.nf
--
1.8.3.1
Show replies by date
Hello Steve,
Could you please review this patch?
-Romesh