[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sample Rules



On Fri, Feb 11, 2005 at 09:43:53AM -0600, Timothy R. Chavez wrote:
> On Thu, 10 Feb 2005 16:26:48 -0500, Valdis Kletnieks vt edu
> <Valdis Kletnieks vt edu> wrote:
> > "What auditctl rules do I need to split things into classes equivalent to
> > the Solaris/AIX/Irix (pick one or more) audit classes?"
> 
> Do you know by chance if this was supported in LAuS?  If it was, Steve
> can use that as a reference example.  I don't remember this feature,
> personally.  But my experience with LAuS was rather limited.

I'm not aware of any compatibility between LAuS and any other audit
implementation in this respect.

LAuS does have admin-configurable audit tags for syscalls and some other
types of events, but userspace generated messages have the tag hardcoded
in the application.

-Klaus


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]