mirror of
https://github.com/ivuorinen/cheatsheet-tldr.git
synced 2026-02-06 23:45:28 +00:00
Update cheatsheets
This commit is contained in:
ivuorinen
37
tldr/linux/auditctl
Normal file
37
tldr/linux/auditctl
Normal file
@@ -0,0 +1,37 @@
|
||||
---
|
||||
syntax: markdown
|
||||
tags: [tldr, linux]
|
||||
source: https://github.com/tldr-pages/tldr.git
|
||||
---
|
||||
# auditctl
|
||||
|
||||
> Utility to control the behavior, get status and manage rules of the Linux Auditing System.
|
||||
> More information: <https://manned.org/auditctl>.
|
||||
|
||||
- Display the [s]tatus of the audit system:
|
||||
|
||||
`sudo auditctl -s`
|
||||
|
||||
- [l]ist all currently loaded audit rules:
|
||||
|
||||
`sudo auditctl -l`
|
||||
|
||||
- [D]elete all audit rules:
|
||||
|
||||
`sudo auditctl -D`
|
||||
|
||||
- [e]nable/disable the audit system:
|
||||
|
||||
`sudo auditctl -e {{1|0}}`
|
||||
|
||||
- Watch a file for changes:
|
||||
|
||||
`sudo auditctl -a always,exit -F arch=b64 -F path={{/path/to/file}} -F perm=wa`
|
||||
|
||||
- Recursively watch a directory for changes:
|
||||
|
||||
`sudo auditctl -a always,exit -F arch=b64 -F dir={{/path/to/directory/}} -F perm=wa`
|
||||
|
||||
- Display [h]elp:
|
||||
|
||||
`auditctl -h`
|
||||
Reference in New Issue
Block a user