[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Basic audit test fails



On 3/22/06, Steve Brueckner <steve atc-nycorp com> wrote:
> I'm having trouble getting started with audit on FC4.
>
> First, it appears I don't have file watch enabled in my kernel.  Is file
> watch enabled in  the FC5 kernel, or still only in RHEL?
>

It is only enabled in the RHEL-4 kernels. The patch for this was not
accepted upstream and is being reworked for inclusion in 2.6.17/18
timeframe (if I have my notes correct). I am not sure that the below
would work without the file patches.




> Second, I tried a basic test to audit files opened by a specific user (per
> the auditctl  man page) but it doesn't seem to work:
>

--
Stephen J Smoogen.
CSIRT/Linux System Administrator


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]