[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: File watching



On Tuesday 20 June 2006 16:30, Amy Griffis wrote:
> It would be nice if it were possible to further filter the open calls,
> by allowing the rule to specify certain flags like O_CREAT, O_RDONLY,
> O_WRONLY or O_RDWR.  That could do quite a bit to eliminate
> unwanted log data.
>
> What do others think, should we consider adding somthing like this?

Yes, this is what the "rwex" flags to -p of auditctl allowed us to do. But we 
also need to have a perm field that makes it easy to see what the requested 
perm was.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]