Double addition of rule yields two log messages
Steve Grubb
sgrubb at redhat.com
Fri May 19 18:29:18 UTC 2006
On Friday 19 May 2006 14:06, Linda Knippers wrote:
> Wow, not very intuitive. The auditctl manpage talks about lists
> by name (entry, exclude, etc), not by number.
The man pages don't ever talk about the numbers that are behind any of this.
> With the 1.2.1 tools ausearch with the '-i' option doesn't translate the
> number into a name.
Right.
> Does it with the 1.2.2 tools?
No. I have not had time to work on user space tools. The intent is to make it
do that with the -i param.
> Speaking of ausearch, I just noticed that it emits this message:
>
> # /sbin/ausearch -m CONFIG_CHANGE -i
> Warning - freq is non-zero and incremental flushing not selected.
That comes from the config file parser. You've got a problem
in /etc/audit/auditd.conf that should be fixed.
-Steve
More information about the Linux-audit
mailing list