rollthehard6·قبل 8 سنوات·discussErm, why not just configure auditd to detect it instead? Though not sure how widely available that facility is outside of Red Hat.