[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auditd/auditctl SLED10



On Thu, Jul 20, 2006 at 07:54:26PM -0500, Klaus Weidner wrote:
> On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote:
> > I am using audit 1.1.3 under SuSE Enterprise 10.  I was wondering if
> > anyone could give me an idea of how to log when someone tries to open a
> > file which they do not have access to.
> > 
> > I've tried the example
> > 
> > auditctl -a exit,always -S open -F success=0
> 
> What base kernel version and audit patches is SLED10 using? Audit
> development has been active until recently and it may not have all the
> latest and greatest audit patches in it.

Kernel 2.6.16.21. No additional audit patches as of now.

Ciao, Marcus


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]