[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit.56 merged with audit-2.6.git



On Thursday 09 June 2005 11:09, Steve Grubb wrote:
> On Thursday 09 June 2005 11:13, Timothy R. Chavez wrote:
> > Have you tried using the syscall (inode,dev)-based filter rules?
> 
> Files that are deleted and created can have new inode numbers. Examples are 
> rotating audit logs and updating /etc/shadow.

Then use both?

-tim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]