From 5372f337f3a232c6fb9f13c8cde4f42b39b2e408 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20Lys=C3=A9n?= <fredrik@pipemore.se>
Date: Thu, 7 Jun 2018 11:41:18 +0200
Subject: [PATCH] Wrong spelling change rmdiri to rmdir

---
 .../audit_rules_file_deletion_events.rule                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
index dac69c1c8253..76e0468389d0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
@@ -11,7 +11,7 @@ description: |-
     default), add the following line to a file with suffix <tt>.rules</tt> in the
     directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
     appropriate for your system:
-    <pre>-a always,exit -F arch=ARCH -S rmdiri,unlink,unlinkat,rename,renameat -F auid&gt;=1000 -F auid!=4294967295 -F key=delete</pre>
+    <pre>-a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename,renameat -F auid&gt;=1000 -F auid!=4294967295 -F key=delete</pre>
     If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
     utility to read audit rules during daemon startup, add the following line to
     <tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as