There is a current rule in effect:
# auditctl -l
-a always,exclude -F msgtype>0
I am trying to remove it with:
-d always,exclude -F msgtype>0
but receive the error:
-F missing operation for msgtype
What is the proper way to remove this rule?
Asked
Active
Viewed 2,474 times
1
ZachB
- 13,051
- 4
- 61
- 89
1 Answers
0
Did you literally type -F msgtype>0? Then you probably have an empty file 0 in the current directory.
You need to escape the > character, perhaps like this:
-F 'msgtype>0'
Florian Weimer
- 32,022
- 3
- 48
- 92