RE: "Watch"ing a directory

Wieprecht, Karen M. Wed, 22 Aug 2007 13:37:32 -0700

We catch failures to cd into a directory with the rule "-a exit,always
-S all -F exit=-13"


Perhaps this captures too much, but it does seem to get the failed cd
attempts.  

Karen Wieprecht


--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

RE: "Watch"ing a directory

Reply via email to