* How to use exclude directory or file
@ 2018-05-11 12:01 George Sarker
2018-05-11 13:55 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: George Sarker @ 2018-05-11 12:01 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 551 bytes --]
Hello,
I am trying to exclude a directory and all of its sub-directories and
contents from being audited.
I used this link https://access.redhat.com/solutions/416863
I generated this syntax :
-a never,exclude -F path=/root/test
However, I am still getting audits from scripts generating files within
this path.
Can you suggest a proper configuration for excluding a directory along with
its sub-directories and contents.
We are on RHEL 6.9 and currently our audit version is
: audit-2.4.5-3.el6.x86_64
Thanks for your support!
George Sarker.
[-- Attachment #1.2: Type: text/html, Size: 850 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* How to use exclude directory or file
@ 2018-05-11 13:46 George Sarker
0 siblings, 0 replies; 3+ messages in thread
From: George Sarker @ 2018-05-11 13:46 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 536 bytes --]
Hello,
I am trying to exclude a directory and all of its sub-directories and
contents from being audited.
I used this link https://access.redhat.com/solutions/416863
I generated this syntax :
-a never,exclude -F path=/root/test
However, I am still getting audits from scripts generating files within
this path.
Can you suggest a proper configuration for excluding a directory along with
its sub-directories and contents.
We are on RHEL 6.9 and currently our audit version is
: audit-2.4.5-3.el6.x86_64
Thanks for your support!
[-- Attachment #1.2: Type: text/html, Size: 7167 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: How to use exclude directory or file
2018-05-11 12:01 How to use exclude directory or file George Sarker
@ 2018-05-11 13:55 ` Steve Grubb
0 siblings, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2018-05-11 13:55 UTC (permalink / raw)
To: linux-audit; +Cc: George Sarker
On Friday, May 11, 2018 8:01:41 AM EDT George Sarker wrote:
> Hello,
>
> I am trying to exclude a directory and all of its sub-directories and
> contents from being audited.
>
> I used this link https://access.redhat.com/solutions/416863
>
> I generated this syntax :
>
> -a never,exclude -F path=/root/test
Have you tried -a always,exclude -F path=/root/test ?
-Steve
> However, I am still getting audits from scripts generating files within
> this path.
>
> Can you suggest a proper configuration for excluding a directory along with
> its sub-directories and contents.
>
> We are on RHEL 6.9 and currently our audit version is
>
> : audit-2.4.5-3.el6.x86_64
>
> Thanks for your support!
>
> George Sarker.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-05-11 13:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-05-11 12:01 How to use exclude directory or file George Sarker
2018-05-11 13:55 ` Steve Grubb
-- strict thread matches above, loose matches on Subject: below --
2018-05-11 13:46 George Sarker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox