How can I create a rule that triggers on "Access Denied" or "Permission Denied" attempts on unauthorized access attempts on files in Red Hat Linux? We are using a Red Hat Identity Manager environment.
Also, how would I set up an event filter to see those attempts?
