SUSE ELS and Audit
Roman Drahtmueller
draht at suse.de
Fri Feb 23 10:26:31 UTC 2007
Mark,
>
> Hi guys,
>
> I'm really struggling to get an understanding of what kernel and audit
> version I need to be able to use file system watches on my SLES 10 box.
>
> >From what I've managed to read and understand, we need kernel 2.6.18 and
> audit version 1.2.x ? Is that correct ? At the moment I'm struggling to
> install 1.2.x, but I've managed to get the kernel up and running.
>
> Also worth a note here ... by default, SLES 10 does not show system
> calls. It's disabled in /etc/sysconfig/auditd. Edit
> AUDITD_DISABLE_CONTEXTS, and make it ="no"
>
SLES10 doesn't have file-watch until Service Pack 1, which is
work-in-progress. I can make updated audit packages available for you to
spare you the package building. The same accounts for the kernel package
as well as pwdutils-plugin-audit. I'd be glad to know the results of your
testing, in case. Contact me off-list to get the packages.
> Cheers
> Mark
Thanks,
Roman.
More information about the Linux-audit
mailing list