From ea6ccc8128668899bdde5484454ee7e0f2a87fd9 Mon Sep 17 00:00:00 2001 From: spageektti Date: Tue, 28 May 2024 03:10:15 +0200 Subject: [PATCH] auditctl: add page (#12846) --- pages/linux/auditctl.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 pages/linux/auditctl.md diff --git a/pages/linux/auditctl.md b/pages/linux/auditctl.md new file mode 100644 index 000000000..72e16da6e --- /dev/null +++ b/pages/linux/auditctl.md @@ -0,0 +1,32 @@ +# auditctl + +> Utility to control the behavior, get status and manage rules of the Linux Auditing System. +> More information: . + +- Display the [s]tatus of the audit system: + +`sudo auditctl -s` + +- [l]ist all currently loaded audit rules: + +`sudo auditctl -l` + +- [D]elete all audit rules: + +`sudo auditctl -D` + +- [e]nable/disable the audit system: + +`sudo auditctl -e {{1|0}}` + +- Watch a file for changes: + +`sudo auditctl -a always,exit -F arch=b64 -F path={{/path/to/file}} -F perm=wa` + +- Recursively watch a directory for changes: + +`sudo auditctl -a always,exit -F arch=b64 -F dir={{/path/to/directory/}} -F perm=wa` + +- Display [h]elp: + +`auditctl -h`
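Review bot: the two watch examples ("Watch a file for changes" and "Recursively watch a directory for changes") pin the rule to `-F arch=b64`, so on a 64-bit host the rule only matches 64-bit syscalls and changes made through the 32-bit syscall ABI are not recorded. Either show the companion rule with `-F arch=b32` or state in the example description that only 64-bit syscalls are covered. Adding a `-k {{key_name}}` filter key to these two examples would also let the resulting events be found again with `ausearch -k`. In the `-e {{1|0}}` example, the value 2 (lock the audit configuration until reboot) is accepted by `-e` but not mentioned. The "More information:" line, as it appears here, ends in a bare "." with no URL, so check that the link is present in the file.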