I am setting up a new Linux box, and this one has really odd auditing requirements. One of the requirements is to log every failed attempt to create a file in a directory the user doesn't have access to (such as logging an attempt to touch /etc/testfile ).
It currently isn't logging that, and I can't find any references (google or documentation) on how to enable that. Currently I have the following in my syslog.conf file:
kern.*
daemon.*
syslog.*
lpr,news,uucp,local@,local1,local2,local3,local4,local5,local6.*
authpriv.*
mail.*
cron.*
*.emerg
news.crit
local7.*
Does anybody know what I am missing to log the failed file creation attempt?
Thanks.