Linux redhat 7.4 (Maipo) Auditing

yashnaresh

New Member
Joined
Aug 8, 2019
Messages
1
Reaction score
0
Credits
0
Hi,
I am trying to start auditing on chown/chmod commands. It is working (ie logs are written to audit file) with auditctl ctl command line utility but when I am putting in the /etc/audit/rules.d/audit.rules file, it doesn't work. Below is the command used. Immutable tag is commented and the system is rebooted.

auditctl -w /bin/chown -p x -k filesystem_modification
auditctl -w /bin/chmod -p x -k filesystem_modification

Below is the audit.rules file.

# Monitoring filesystem modification binaries for execution
-w /bin/mount -p x -k filesystem_modification
-w /bin/umount -p x -k filesystem_modification
-w /bin/chown -p x -k filesystem_modification
-w /bin/chgrp -p x -k filesystem_modification
-w /bin/chmod -p x -k filesystem_modification

Thansks in advance for support.
 
Last edited:

Members online


Top