[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] get dev value for inode audit records - take 3



Hi,
Works fine. Great, thank you! Reduces load a lot when /proc accesses
are no longer audited.
I currenly use
/usr/local/sbin/auditctl -a entry,always -S execve
/usr/local/sbin/auditctl -a entry,possible -S open
/usr/local/sbin/auditctl -a exit,never  -S open -F devmajor=0
/usr/local/sbin/auditctl -a exit,always -S open
to get only real filesystem accesses.

Greetings,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für   V_/_
        eine Stunde wie eine Heimat aus. --- Herrmann Hesse


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]