[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#6) filesystem auditing



Ok, why doesn't the following trigger any audit messages:

# ./auditctl -w /etc/shadow
AUDIT_WATCH : INSERT : SUCCESS

$ passwd
Changing password for user sds.
Changing password for sds
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

/etc/shadow was re-created by this transaction.

I did see debugging messages about pushing and popping data on the cache stack.

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]