[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Path ignored but syscall event still logged



Sorry, forgot to include that!

[root host1 ~]# uname -r
2.6.32-131.21.1.el6.x86_64
[root host1 ~]# auditctl -s
AUDIT_STATUS: enabled=1 flag=0 pid=24173 rate_limit=0 backlog_limit=8192 lost=124822501 backlog=0

It's a RHEL6.1 server.
Cheers,
Max

-----Original Message-----
From: Steve Grubb [mailto:sgrubb redhat com] 
Sent: 20 December 2011 19:03
To: linux-audit redhat com
Cc: Max Williams
Subject: Re: Path ignored but syscall event still logged

On Tuesday, December 20, 2011 12:55:49 PM Max Williams wrote:
> How come this event is not ignored due to the 8th rule? I think I'm 
> missing something.

One piece of information is missing. The enforcement of the audit policy is done by the kernel. What do you get for uname -r?

-Steve

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]