
Add auditctl Example

This command allows you to watch a file for changes.
master
Nate Bohman, 3 years ago
parent
commit 04a80c11f3
Signed by: Nate Bohman <natrinicle@gmail.com> GPG key ID: C10546A54ABA1CE5
1 changed file with 9 additions and 0 deletions
watch_file_for_changes_auditctl.sh (+9, -0)

@@ -0,0 +1,9 @@
# Add a watch to the /etc/hosts file watching for (-p) reads, writes, executions,
# and appends named (-k) hosts-file which can be uniquely used to identify the
# audit records produced by this rule. Check the /var/log/audit/audit.log file
# for matching events.
sudo auditctl -w /etc/hosts -p rwxa -k hosts-file

# To remove the rule later change the -w to -W with the rest of the command being
# the same. If you want to list all rules auditctl -l will show you all rules
# currently loaded.
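
Review bot: The first comment block describes `-p rwxa` as "reads, writes, executions, and appends", but in auditctl the `a` permission means attribute change, not append; suggest rewording to "reads, writes, executions, and attribute changes". Since the file is named watch_file_for_changes, it is also worth noting in the comment that including `r` on /etc/hosts records every process that reads the file, which is far noisier than change detection needs; `-p wa` would match the stated purpose. The closing comment could add that a rule loaded with auditctl does not survive a reboot unless it is also placed in the audit rules file, and that `ausearch -k hosts-file` retrieves the matching records by key instead of reading /var/log/audit/audit.log by hand.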
