[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit 0.9.4 released



Steve Grubb wrote:

This update represents that last feature (sighup) being added for the CAPP development work. At this point, I think we are at a point where we need lots of testing, bug reports, and review of man pages.

the new auditctl (0.9.4) is returning a 1 on a successful insert or remove of a watch ... My tests checks for the return code so I know that was not the case in the previous version.


I am running kernel.56
Example:
[root comp loulwa]# auditctl -l
No rules
AUDIT_WATCH_LIST: dev=253:0, path=/tmp/foo, filterkey=key-key, perms=, valid=0
[root comp loulwa]# auditctl -W /tmp/foo
[root comp loulwa]# echo $?
1
[root comp loulwa]# auditctl -l
No rules
No watches
[root comp loulwa]# auditctl -w /tmp/new_file -k test-key
[root comp loulwa]# echo $?
1
[root comp loulwa]# auditctl -l
No rules
AUDIT_WATCH_LIST: dev=253:0, path=/tmp/new_file, filterkey=test-key, perms=, valid=0


- loulwa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]