auditd/auditctl SLED10
Marcus Meissner
meissner at suse.de
Fri Jul 21 06:02:41 UTC 2006
On Thu, Jul 20, 2006 at 07:54:26PM -0500, Klaus Weidner wrote:
> On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote:
> > I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if
> > anyone could give me an idea of how to log when someone tries to open a
> > file which they do not have access to.
> >
> > I've tried the example
> >
> > auditctl -a exit,always -S open -F success=0
>
> What base kernel version and audit patches is SLED10 using? Audit
> development has been active until recently and it may not have all the
> latest and greatest audit patches in it.
Kernel 2.6.16.21. No additional audit patches as of now.
Ciao, Marcus
More information about the Linux-audit
mailing list