key in syscall audit rules.
Steve Grubb
sgrubb at redhat.com
Wed May 18 20:42:11 UTC 2005
On Wednesday 18 May 2005 16:33, Casey Schaufler wrote:
> We've hashed the notion of intellegence in audit
> daemons before, and the danger that mapping in
> real time will fail remains
We aren't really talking about doing anything in the audit daemon. It doesn't
have time. We are discussing having ausearch interpret the audit key with the
current rules vs the kernel emitting it as part of the message so there's no
version control issues later.
-Steve
More information about the Linux-audit
mailing list