Renaming a file or a directory with mv command is not audited from Red Hat Enterprise Linux 7.6

Solution Unverified - Updated -

Issue

  • I used the following audit rule to capture the event of a file or a directory, including rename, in Red Hat Enterprise Linux 7.5 or older.
-w /root/test -k rename
  • But, the same rule didn't work to capture the rename event in Red Hat Enterprise Linux 7.6.

Environment

Red Hat Enterprise Linux (RHEL) 7.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content