
Problem loading rules



I am trying to load rules from a file that contains:

-a exit,always -F path=/etc/shadow -S open -k myrule_000000
-a exit,always -F path=/usr/sbin/chroot -S execve -k myrule_000001
-a exit,always -F path=/var/repository/important.doc -S unlink -k myrule_000002
-a exit,always -F path=/var/log/secure -S open -k myrule_000003
-a exit,always -F path=/usr/bin/nmap -S execve -k myrule_000004

using auditctl -R

I am getting the following error:
Cannot realloc memory!

-F path must be before -S
There was an error in line 2 of iitds_audit.rules

--

I originally had the -S options before the -F. When I got the error, I switched the order, but the same error is returned.

I have tried entering the rules individually from the command line and they work without error.

I am using audit-1.2.4

Thanks,
Steve

