audit-1.1.3 and SuSE 10.0 (with FC4 kernel)
Robert Giles
rgiles at arlut.utexas.edu
Thu Jan 26 22:38:48 UTC 2006
On Wed, 25 Jan 2006, Steve Grubb wrote:
> You're brave mixing and matching kernels. :) For FC4 and RHEL4, the 1.0.x
> series matches the kernels. The 1.1 and higher is the development branch
> meant for newer kernels.
Well I'm keeping the SuSE 10 /proc/config.gz intact... just trying out
different kernel source trees with that same .config file.
Where do you all keep the development audit patch tree? (in case I was
inclined to continue using bleeding edge code :)
I downloaded and built kernel-2.6.15-1.1826.2.10.2.2_FC5.lspp.6.src.rpm
from David Woodhouse's site, but still wasn't able to get -w working
with 1.1.3.
> The "-w" argument doesn't work for any kernels except RHEL4 at this moment. We
> ran into a conflict when sending it upstream and they wanted it re-written to
> use inotify hooks. That work is nearing completion, but still has lots of
> testing to go.
Gotcha (kept thinking I was typing the command wrong or something).
> I'd use 1.0.12. That is the state of the art for FC4 and RHEL4. Its also what
> I've recommended to Suse for the time being. I am working on back porting
> some bug fixes into a 1.0.13 release some time soon.
Great, I'll try that tomorrow with the FC4 kernel - thanks a bunch for
the help!
-----------------------------------------------------------
Robert Giles Group System Administrator
SPD/ARL:UT (512) 835-3077 · Fax (512) 490-4244
More information about the Linux-audit
mailing list