is this message necessary?
Linda Knippers
linda.knippers at hp.com
Thu Nov 10 00:14:12 UTC 2005
For some reason I was thinking that there was more information in the
audit log when a rule or watch was added but there isn't. Since all
the information is known at the point where the current audit records
are generated (I think that's the case), couldn't we just include more
information in the record? I don't see the userspace connection here
but I could be missing something.
-- ljk
Steve Grubb wrote:
> On Wednesday 09 November 2005 18:15, Linda Knippers wrote:
>
>>I just noticed the message is similarly vague when system call
>>rules are removed. It just says "removed an audit rule".
>
>
> So, who wants to update this? I agree that we could at least put the list name
> & syscall number(s) into it or "all" if that applies. There's no way the
> kernel should do the whole thing since that duplicates userspace. Just the
> syscall & list name would be enough to guess the rule in most cases.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
More information about the Linux-audit
mailing list