linux auditd: Not getting log for chmod syscall
bharat gupta
bharatguptagg at gmail.com
Fri Jan 13 04:52:29 UTC 2012
Hi,
I am using Red Hat 6 and trying to create logs for some system calls using
the rule given below:
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
After running the chmod command I was not able to get any log, but when I used
the strace command I saw that the syscall had been called.
I also checked that the auditd service is running properly.
Could you guide me as to why I am not able to get any log message?
I also checked by writing a rule for 32-bit, but the problem is still not resolved.
--
Bharat Gupta
IIT -Roorkee