SUSE ELS and Audit
Marcus Meissner
meissner at suse.de
Fri Feb 23 10:20:48 UTC 2007
On Fri, Feb 23, 2007 at 10:18:36AM -0000, Johnston Mark (UK) wrote:
> Hi guys,
>
> I'm really struggling to get an understanding of what kernel and audit
> version I need to be able to use file system watches on my SLES 10 box.
>
> >From what I've managed to read and understand, we need kernel 2.6.18 and
> audit version 1.2.x ? Is that correct ? At the moment I'm struggling to
> install 1.2.x, but I've managed to get the kernel up and running.
>
> Also worth a note here ... by default, SLES 10 does not show system
> calls. It's disabled in /etc/sysconfig/auditd. Edit
> AUDITD_DISABLE_CONTEXTS, and make it ="no"
SLES 10 Service Pack 1 will have the necessary functionality, filewatches
are not in the SLES 10 GA version.
Ciao, Marcus
More information about the Linux-audit
mailing list