[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Why doesn't this rule block syscall records?



On Thursday 12 July 2007 01:22:35 pm Taylor_Tad emc com wrote:
> I was trying out a syscall entry rule that I thought would block audit
> records from system services/daemons that haven't had their audit ID
> (auid) set yet.

Which kernel are you using? There was a signed/unsigned promotion and 
comparison bug fixed not too long ago.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]