
auditctl — Utility to control the behavior, get status and manage rules of the Linux Auditing System.

Submitted by: @import:tldr-pages

Problem

How to use the auditctl command: Utility to control the behavior, get status and manage rules of the Linux Auditing System. More information: <https://manned.org/auditctl>.

Solution

auditctl — Utility to control the behavior, get status and manage rules of the Linux Auditing System. More information: <https://manned.org/auditctl>.

Display the [s]tatus of the audit system:
sudo auditctl -s


[l]ist all currently loaded audit rules:
sudo auditctl -l


[D]elete all audit rules:
sudo auditctl -D


[e]nable/disable the audit system:
sudo auditctl -e {{1|0}}


Watch a file for changes:
sudo auditctl -a always,exit -F arch=b64 -F path=/{{path/to/file}} -F perm=wa


Recursively watch a directory for changes:
sudo auditctl -a always,exit -F arch=b64 -F dir=/{{path/to/directory}}/ -F perm=wa


Display [h]elp:
auditctl -h

Context

tldr-pages: linux/auditctl
