I want to monitor a particular directory using auditd, so that any changes are logged. I've created a rule using:
auditctl -w /etc/my_path_to_monitor -p wa -k my_rule
This works great for everything I've tested so far, except changes made with
chattr, such as:
chattr +S /etc/my_path_to_monitor/a_file
The use of
chattr isn't resulting in any auditd log messages - how can I have such changes audited with auditd?