Re: Auditing subdirectories recursively using auditd

From: chaim.rieger@xxxxxxxxx
Date: Thu, 8 Jan 2009 08:26:17 +0000

Check out aide

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: "Giuseppe Fuggiano" <giuseppe.fuggiano@xxxxxxxxx>

Date: Thu, 8 Jan 2009 09:22:42
To: <redhat-list@xxxxxxxxxx>
Subject: Auditing subdirectories recursively using auditd

Hi list.

I just posted this at fedora-list, with no answer. Maybe here is a
more appropriate place to ask that.

I found that auditd daemon is very useful to audit my linux
installation. But, given a directory, I'd like to audit also its
subdirectories and files, recursively. Also, if a user create or
modify something there, the audit watches should change properly.

Is it possible? I cannot figure out the rules to add in
/etc/audit.rules to do that. I hope in someone who experienced this
issue.

Thanks a lot,
--
Giuseppe Fuggiano

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Follow-Ups:
- Re: Auditing subdirectories recursively using auditd
  - From: Giuseppe Fuggiano

References:
- Auditing subdirectories recursively using auditd
  - From: Giuseppe Fuggiano

Prev by Date: Auditing subdirectories recursively using auditd
Next by Date: Re: Auditing subdirectories recursively using auditd
Previous by thread: Auditing subdirectories recursively using auditd
Next by thread: Re: Auditing subdirectories recursively using auditd
Index(es):
- Date
- Thread

Relevant Pages

Re: Problems with auditd
... been reading online posts about auditd and auditing (as well as the man ... If I run audit -s, ... You would think, if the system is going to install the daemon, it would have that option in the GENERIC kernel. ...
(freebsd-questions)
Re: Is auditd needed to run?
... is, if you're running auditd, audit messages are put into ... SELinux uses the audit subsystem. ... in CentOS4, we don't have ...
(comp.os.linux.setup)
Re: [PATCH] audit: error message typo correction
... Fixes a typo in the error message raised by audit when auditd has died ...
(Linux-Kernel)
Problems with auditd
... I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the files and then running buildkernel/buildworld as usual. ... been reading online posts about auditd and auditing but I haven't found what the problem is. ... If I run audit -s, ... I have since cvsupped a second time and rebuilt world, but I have not rebuilt the kernel. ...
(freebsd-questions)