auditctl question

Linda Knippers linda.knippers at hp.com
Wed Aug 2 22:15:24 UTC 2006


Hi Steve,

I tried it on Fedora with audit 1.2.4 and the 2.6.17-based lspp.41
kernel and it seems to work there.

It doesn't work on RHEL4 U2.  I seem to recall that there was
something funky about how to get failed syscalls back then but
I don't recall the details.

-- ljk


Steve Grubb wrote:
> On Wednesday 02 August 2006 16:49, Lane Williams wrote:
> 
>>Should the following work???
> 
> 
> Yes.
> 
> 
>>auditctl -a exit,always -S all -F exit=-13
> 
> 
> If this does not work, we will need a kernel patch for it.
> 
> -Steve
> 



