Altering Audit Rules
Attention! This is an advanced functionality intended for administrators needing to tweak monitoring rules. Use with caution as altering audit rules incorrectly can impact Agent’s functionality.
The GuardMode Agent includes a script to alter the auditd
rules to change monitored directories. This can be useful for adding or removing directories from monitoring without reinstalling the Agent.
The script is located at:
To add a new monitored directory:
To force overwrite existing rules and monitor only the provided path:
Last updated