📜  ubuntu auditd rules for a PID process - Shell-Bash code example

📅  Last modified: 2022-03-11 14:50:58.106000             🧑  Author: Mango

Code example 1
# To see all syscalls made by a specific process (matched by its PID):
sudo auditctl -a always,exit -S all -F pid=1005

# To watch a file for changes (two equivalent ways to express it;
# "wa" matches writes and attribute changes):

sudo auditctl -w /etc/shadow -p wa
sudo auditctl -a always,exit -F path=/etc/shadow -F perm=wa