Is there any way to put a watch on a directory, so that an audit record will be generated if anyone cd's to that directory. I've tried things like:
-w /etc/audit/ -k ACCESS_AUDIT but the rule never seems to get invoked. I'm running FC7 with audit-1.5.3 Thanks for any help - Pete Briggs -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
