43 Understanding Linux Audit
exit,always tells audit to add an audit context to this system call when entering it, and to write out a report when it gets audited. 3. This rule adds an audit ...
iptables change log - iT 邦幫忙:
April 9, 2019 — auditctl -a exit,always -F arch=b64 -F a2=64 -S setsockopt -k iptablesChange. Then change any iptables setting, for example: iptables -A INPUT -j ACCEPT. Then ...
auditctl
Remove a watch for the file system object at path. However, I get the following: # auditctl -l. LIST_RULES: exit,always watch=/etc/hosts perm=rwa ...
auditctl(8)
This causes auditctl to always return a success exit code. -c: Continue loading rules in spite of an error. This summarizes the results of loading the rules.
auditctl(8)
always Allocate an audit context, always fill it in at syscall entry time, and always write out a record at syscall exit time. -A list,action Add rule to the ...
audit.rules(7)
Valid actions are: always - always ... Auditctl moved your rule to the exit filter so that it's not lost. ... -a always,exit -F arch=b32 -S open,openat,openat2 ...