A system administrator needs to log all write attempts and attribute modifications for the /etc/shadow file. The logs should be easily identifiable using the key shadow_watch. Which of the following rules should be added to /etc/audit/rules.d/audit.rules to meet this requirement?
-F path=/etc/shadow -p rwa -k shadow_watch
-a always,exit -F file=/etc/shadow -p w -p a -k shadow_watch
The correct rule is -w /etc/shadow -p wa -k shadow_watch. The -w flag is used to set a watch on a specific file or directory. The -p flag specifies the permissions to watch for; in this case, w is for write access and a is for attribute changes. The -k flag assigns a key, shadow_watch, to the audit events generated by this rule, which simplifies searching the audit logs. The other options use incorrect syntax, such as invalid permission types or improperly combining different rule formats.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `-w` flag do in `/etc/audit/rules.d/audit.rules`?
Open an interactive chat with Bash
What does the `-p wa` permission in the audit rule signify?
Open an interactive chat with Bash
How does the `-k` flag help with audit logs?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access