Sample Rules
Klaus Weidner
klaus at atsec.com
Fri Feb 11 17:29:27 UTC 2005
On Fri, Feb 11, 2005 at 09:43:53AM -0600, Timothy R. Chavez wrote:
> On Thu, 10 Feb 2005 16:26:48 -0500, Valdis.Kletnieks at vt.edu
> <Valdis.Kletnieks at vt.edu> wrote:
> > "What auditctl rules do I need to split things into classes equivalent to
> > the Solaris/AIX/Irix (pick one or more) audit classes?"
>
> Do you know by chance if this was supported in LAuS? If it was, Steve
> can use that as a reference example. I don't remember this feature,
> personally. But my experience with LAuS was rather limited.
I'm not aware of any compatibility between LAuS and any other audit
implementation in this respect.
LAuS does have admin-configurable audit tags for syscalls and some other
types of events, but userspace generated messages have the tag hardcoded
in the application.
-Klaus
More information about the Linux-audit
mailing list