Monitoring events
Steve Grubb
sgrubb at redhat.com
Thu Jun 8 15:23:21 UTC 2006
On Thursday 08 June 2006 10:57, Steve wrote:
> So, assuming I installed RHEL4, would this "key tag" allow all events to
> be tied to rules, or just the file watch events?
There has been some talk about adding the "key" to LSPP kernels. So this might
be available eventually. (You are testing against a kernel that is under
development and not feature complate.)
RHEL4 on the otherhand has an older audit system. I have not backported the
audit dispatcher interface to the 1.0.X series. It shouldn't be difficult and
might be something I do for 1.0.15.
-Steve
More information about the Linux-audit
mailing list