[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit rule problem



On Tue, 17 Jul 2007 16:05:12 +0200, Roger Holm said:

> I want to log if someone uses the rpm command (to install/upgrade
> packages), but not the rest of commands. Only the rpm command!

What do you want it to do if they use 'yum' instead of 'rpm', or
'cp /bin/rpm /bin/innocent; /bin/innocent -Uvh evil-0.99.3.noarch.rpm'?

Attachment: pgpOoMDMliCJe.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]