Re: Deleted directory path not recorded when running rmdir with slash at directory path end

On 3/4/21 9:09 PM, Alan Evangelista wrote: > If I run the rmdir command with a directory path with a slash at its > end, Audit doesn't record the deleted directory path.  > > Audit rule: > -a always,exit -F dir=/sasdata -F arch=b64 -S creat -S open -S openat > -S unlink -S unlinkat -S symlink -S s

Re: Deleted directory path not recorded when running rmdir with slash at directory path end

On Thursday, March 4, 2021 10:09:35 PM EST Alan Evangelista wrote: > If I run the rmdir command with a directory path with a slash at its end, > Audit doesn't record the deleted directory path. > > Audit rule: > -a always,exit -F dir=/sasdata -F arch=b64 -S creat -S open -S openat -S > unlink -S u

Deleted directory path not recorded when running rmdir with slash at directory path end

If I run the rmdir command with a directory path with a slash at its end, Audit doesn't record the deleted directory path. Audit rule: -a always,exit -F dir=/sasdata -F arch=b64 -S creat -S open -S openat -S unlink -S unlinkat -S symlink -S symlinkat -S link -S linkat -S rename -S renameat -S chmo