[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC] NISPOM audit rules - first draft



On Friday 13 April 2007 14:24, Timothy R. Chavez wrote:
> Wow... finally just getting to these.  Just a couple quick comments below.

The nispom.rules file has been updated several times since this was initially 
posted.

> > ## unsuccessful modifications
> > -a exit,always -S rename -S truncate -S ftruncate -F exit=-13 -k mods
> > -a exit,always -S renameat -F exit=-13 -k mods
> > -a exit,always -F perm=a -F exit=-13 -k mods
>
> No system call specified...

That's what the magic of "perm" is. It selects all syscalls that match the 
changing of attribute.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]