{"id":"rhel9-auditctl-file-watch-syntax","text":"`auditctl -w <path> -p <perms> -k <key>` creates file watch rules; permission flags are `w` (write), `a` (attribute), `r` (read), `x` (execute).","truth_value":"IN","source":"repo:entries/2026/03/04/en-documentation-red_hat_enterprise_linux-9-html-security_hardening-auditing-the.md","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-auditctl-file-watch-syntax","truth_value":"IN","reason":"premise"}]}}