{"id":"rhel9-audit-file-watch-command","text":"File audit watches are added with `auditctl -w <path> -p <permissions> -k <key>` and searched with `ausearch -k <key>`.","truth_value":"IN","source":"repo:entries/2026/03/04/en-documentation-red_hat_enterprise_linux-9-html-security_hardening.md","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-audit-file-watch-command","truth_value":"IN","reason":"premise"}]}}