auditctl
Verified for current stable LTS
Auditctl Commands
Auditctl command syntax with verified terminal examples.
Commands
7 commands for Auditctl
auditctl Operations
Auditctl Command: Delete All Audit Rules
sudo auditctl -D auditctl Operations
Auditctl Command: Display Help Auditctl
auditctl -h auditctl Operations
Auditctl Command: Display Status Audit System
sudo auditctl -s auditctl Operations
Auditctl Command: Enable Disable Audit System
sudo auditctl -e <1|0> auditctl Operations
Auditctl Command: List Loaded Audit Rules
sudo auditctl -l auditctl Operations
Auditctl Command: Watch Directory Recursive For Changes
sudo auditctl -a always,exit -F arch=b64 -F dir=/<path/to/directory>/ -F perm=wa auditctl Operations
Auditctl Command: Watch File For Changes
sudo auditctl -a always,exit -F arch=b64 -F path=/<path/to/file> -F perm=wa Suggest a Auditctl Command
Submit missing workflows, corrections, or verified alternatives for this tool.
FAQ
Coverage: Focused examples for common Auditctl workflows.
Verified version: current stable LTS.
Verification: Test commands in a disposable workspace and submit notes for edge cases.