arch question in rules

Steve Grubb sgrubb at redhat.com
Tue Apr 7 18:34:36 UTC 2009

Previous message (by thread): arch question in rules
Next message (by thread): [PATCH 0/2] security/smack implement logging V3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 07 April 2009 12:01:04 pm LC Bruzenak wrote:
> Q: Should I remove the arch=b32 audit rules if all machines are 64-bit?
> Previously we had both; loaded same ruleset everywhere.

If you had a i386, you could drop the b64 rules. However, x86_64 has both 32 
and 64 bit syscalls. So you need both for full coverage.

-Steve

Previous message (by thread): arch question in rules
Next message (by thread): [PATCH 0/2] security/smack implement logging V3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list