[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

auditctl behavior



Hi all,

I just grabbed the latest audit bits today, and noticed that when you
load rules from a file, auditctl outputs an ambiguous message:

# auditctl -R /tmp/rules.txt 
No rules
No watches
AUDIT_STATUS: enabled=1 flag=1 pid=2908 rate_limit=0 backlog_limit=256
lost=0 backlog=1

This message should be suppressed, as it implies that the rules have
not been added, when in fact they have.

I'm also seeing an error when deleting rules, although the command is
successful:

# auditctl -D
Error receiving list (Success)
No rules
No watches

Thanks,
Amy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]