New field to auditd.conf file
Deepika Sundar
sundar.deepika18 at gmail.com
Thu Apr 7 04:47:34 UTC 2016
In the same way, in the kernel side
Can I able to add one new field to the audit log structure without breaking
Compatibility?If so,
1.How can I add new field without breaking compatibility?
or
2. Is there any reserve field in audit log structure so that I can make use
of it?
On Wed, Apr 6, 2016 at 5:47 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Wednesday, April 06, 2016 05:25:36 PM Deepika Sundar wrote:
> > Ok.If i wanted to add the new field to experiment on the requirement,
> which
> > are the files(programs) that need changes or to be updated to take
> effect
> > on new field in auditd.conf?
>
> auditd-config.c
>
>
> > On Wed, Apr 6, 2016 at 5:20 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > > On Wednesday, April 06, 2016 05:06:08 PM Deepika Sundar wrote:
> > > > Can it be possible to add new field to auditd.conf file?
> > >
> > > That depends entirely on what functionality is being added and if its
> > > acceptable to people in general.
> > >
> > > -Steve
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160407/02682bd8/attachment.htm>
More information about the Linux-audit
mailing list