operation not supported on filtering

Vincent Fiset vfiset at gmail.com
Mon Dec 3 17:26:39 UTC 2018


I got a minimal audit.rules file containing:

    # cat -n /etc/audit/audit.rules
    1  -D
    2
    3  -b 8192
    4
    5  -e 0
    6
    7  -a always,exclude -F msgtype=CWD
    8
    9  -w /etc/sysctl.conf -p wa -k sysctl

When I restart auditd I get:

    # /etc/init.d/auditd restart
    Restarting audit daemon: auditd Error sending add rule request (Operation not supported)
    There was an error in line 7 of /etc/audit/audit.rules
     failed!

Instructions like `-a always,exclude -F msgtype=CWD` seem to be very
popular in examples all over the internet. I don't understand why I get the
error.

I use auditd `1:1.7.18-1.1` on Debian 7.

What should I do to make this filter work?

-- 
/VF