How to record audit logs for only one specified file in FreeBSD?

Asked May 23 '16 at 16:10

Active Jul 04 '16 at 14:08

Viewed 246 times

On Red Hat Linux I can specify the file I want to record audit logs for with this command:

auditctl -a exit,always -F path=/tmp/foo.txt -F perm=war

I cannot figure out how to do a similar thing on FreeBSD. The only way I've found to record audit logs for files is to add the fr flag to my /etc/security/audit_control file.

Unfortunately, this way doesn't allow me to specify the file.

I asked about it on the trustedbsd-discuss mailing list. You can view the email here. I did not receive any answer yet.

edited Jul 04 '16 at 14:08

asked May 23 '16 at 16:10

1

Maybe you could try on one of the mailing lists https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/eresources-mail.html or the FreeBSD forum https://forums.freebsd.org/ People seem to be much more active there than on SF – Greg May 26 '16 at 23:20

0 Answers0