aureport -f --summary lists the files excluded in an audit rule
Issue
- The aureport -f --summary command continues to list files that are excluded by an audit rule.
- The following is part of the audit rules, including a rule to exclude any event on the file:
-a always,exit -F arch=b32 -S open,rename -F auid>=1000 -F auid!=-1
-a always,exit -F arch=b64 -S open,rename -F auid>=1000 -F auid!=-1
-a never,exit -S all -F path=/var/run/test.pid.tmp
- The auditctl -l command shows that the rules were applied properly.
Environment
Red Hat Enterprise Linux 7