Altering Audit Rules

Attention! This is advanced functionality intended for administrators who need to tweak monitoring rules. Use it with caution, as altering audit rules incorrectly can impact the Agent's functionality.

The GuardMode Agent includes a script that alters the auditd rules to change which directories are monitored. This can be useful for adding or removing directories from monitoring without reinstalling the Agent.

The script is located at:

/opt/catalogic/guard-mode/agent/alter_auditd_watch_paths.sh

To add a new monitored directory:

./alter_auditd_watch_paths.sh /path/to/add

To force overwrite existing rules and monitor only the provided path:

./alter_auditd_watch_paths.sh --force /path/to/add
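
Because --force replaces the existing rules, it helps to compare the watched paths before and after a change. The following is an added example, not part of the GuardMode Agent: the function names and sample listings are constructed, and it assumes the watches appear in `auditctl -l` output as `-w PATH` or `-F dir=PATH` / `-F path=PATH` rules.

```shell
# Added example, not part of the GuardMode Agent. Assumes watches appear in `auditctl -l`
# as "-w PATH" or "-F dir=PATH" / "-F path=PATH", and that paths contain no whitespace.

# watched_paths: read `auditctl -l` output on stdin, print each watched path once, sorted.
watched_paths() {
  awk '{
    for (i = 1; i < NF; i++) {
      v = $(i + 1)
      if ($i == "-w") print v
      else if ($i == "-F" && v ~ /^(dir|path)=/) { sub(/^[a-z]+=/, "", v); print v }
    }
  }' | LC_ALL=C sort -u
}

# rules_diff BEFORE AFTER: "- PATH" for watches that disappeared, "+ PATH" for new ones.
rules_diff() {
  tmp=$(mktemp -d) || return 1
  watched_paths < "$1" > "$tmp/before"
  watched_paths < "$2" > "$tmp/after"
  LC_ALL=C comm -23 "$tmp/before" "$tmp/after" | sed 's/^/- /'
  LC_ALL=C comm -13 "$tmp/before" "$tmp/after" | sed 's/^/+ /'
  rm -rf "$tmp"
}

# Constructed listings (not real Agent output): two watches replaced by one.
sample_before() {
  printf '%s\n' '-w /home -p wa -k sample_key' \
    '-a always,exit -F dir=/srv/share -F perm=wa -F key=sample_key' \
    '-a always,exit -F arch=b64 -S execve -F key=exec_log'
}
sample_after() {
  printf '%s\n' '-w /srv/projects -p wa -k sample_key' \
    '-a always,exit -F arch=b64 -S execve -F key=exec_log'
}

# demo: diff the two constructed listings.
demo() {
  d=$(mktemp -d) || return 1
  sample_before > "$d/before.rules"
  sample_after > "$d/after.rules"
  rules_diff "$d/before.rules" "$d/after.rules"
  rm -rf "$d"
}
demo
```

On a live host, save the output of `auditctl -l` (run as root) to a file before and after running the script and pass both files to `rules_diff`. Any line starting with `-` is a directory that is no longer monitored.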