[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auditctl question



Hi Steve,

I tried it on Fedora with audit 1.2.4 and the 2.6.17-based lspp.41
kernel and it seems to work there.

It doesn't work on RHEL4 U2.  I seem to recall that there was
something funky about how to get failed syscalls back then but
I don't recall the details.

-- ljk


Steve Grubb wrote:
> On Wednesday 02 August 2006 16:49, Lane Williams wrote:
> 
>>Should the following work???
> 
> 
> Yes.
> 
> 
>>auditctl -a exit,always -S all -F exit=-13
> 
> 
> If this does not work, we will need a kernel patch for it.
> 
> -Steve
> 
> --
> Linux-audit mailing list
> Linux-audit redhat com
> https://www.redhat.com/mailman/listinfo/linux-audit


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]