Run auditctl to audit a file

Got an unknown question on ModSecurity.

Auto reset the configuration.

Run auditctl to audit the file.

So, could work with Plesk Support to identify the problem.

How-to

List

auditctl  -l

Add

auditctl -w /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf -p wa -k waf_changes

Remove

auditctl -W /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf -p wa -k waf_changes

Log

/var/log/audit/aduit.log

/etc/audit/auditd.conf

#

# This file controls the configuration of the audit daemon

#

local_events = yes

write_logs = yes

log_file = /var/log/audit/audit.log

log_group = root

log_format = RAW

flush = INCREMENTAL_ASYNC

freq = 50

max_log_file = 8   #Max log file size in MB: 8MB

num_logs = 5   #Max number of audit log: 5

priority_boost = 4

disp_qos = lossy

dispatcher = /sbin/audispd

name_format = NONE

##name = mydomain

max_log_file_action = ROTATE

space_left = 75

space_left_action = SYSLOG

verify_email = yes

action_mail_acct = root

admin_space_left = 50

admin_space_left_action = SUSPEND

disk_full_action = SUSPEND

disk_error_action = SUSPEND

use_libwrap = yes

##tcp_listen_port = 60

tcp_listen_queue = 5

tcp_max_per_addr = 1

##tcp_client_ports = 1024-65535

tcp_client_max_idle = 0

enable_krb5 = no

krb5_principal = auditd

##krb5_key_file = /etc/audit/audit.key

distribute_network = no

Update