Audit rule problem
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Jul 19 17:59:16 UTC 2007
On Tue, 17 Jul 2007 16:05:12 +0200, Roger Holm said:
> I want to log if someone uses the rpm command (to install/upgrade
> packages), but not the rest of commands. Only the rpm command!
What do you want it to do if they use 'yum' instead of 'rpm', or
'cp /bin/rpm /bin/innocent; /bin/innocent -Uvh evil-0.99.3.noarch.rpm'?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20070719/194ca785/attachment.sig>
More information about the Linux-audit
mailing list