auditctl: add page (#12846)

spageektti 2024-05-28 03:10:15 +02:00 committed by GitHub
parent 20d52e2d55
commit ea6ccc8128
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 32 additions and 0 deletions

pages/linux/auditctl.md Normal file

@ -0,0 +1,32 @@
# auditctl
> Utility to control the behavior, get status and manage rules of the Linux Auditing System.
> More information: <https://manned.org/auditctl>.
- Display the [s]tatus of the audit system:
`sudo auditctl -s`
- [l]ist all currently loaded audit rules:
`sudo auditctl -l`
- [D]elete all audit rules:
`sudo auditctl -D`
- [e]nable/disable the audit system:
`sudo auditctl -e {{1|0}}`
- Watch a file for changes:
`sudo auditctl -a always,exit -F arch=b64 -F path={{/path/to/file}} -F perm=wa`
- Recursively watch a directory for changes:
`sudo auditctl -a always,exit -F arch=b64 -F dir={{/path/to/directory/}} -F perm=wa`
- Display [h]elp:
`auditctl -h`
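Review bot: The two watch examples (`-F path={{/path/to/file}}` and `-F dir={{/path/to/directory/}}`) hard-code `-F arch=b64` and set no key, so writes made through the 32-bit syscall ABI are not matched and the events the rule does produce are hard to pick out of the log afterwards. I would append `-k {{key_name}}` to both commands and either drop the arch filter or say in the description that the rule covers 64-bit syscalls only. Separately, the `-e {{1|0}}` example leaves out `2`, which locks the audit configuration until reboot; that is the setting most hardening guides care about, so it deserves a mention in the placeholder or its own entry.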