Auditing file access by application
Richard Guy Briggs
rgb at redhat.com
Mon Jun 12 15:49:36 UTC 2017
On 2017-06-12 11:31, John Petrini wrote:
> Hi Richard.
>
> It looks like the -F exe= option is not supported at all regardless of
> negation.
>
> Starting auditd: [ OK ]
> -F unknown field: exe
Support is upstream in Linux kernel v4.3 and userspace audit-2.5.0.
It is in RHEL7 kernel-3.10.0-351.el7
> John Petrini
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list