SELinux revisited

Steve G linux_4ever at
Sun Oct 21 13:19:58 UTC 2007

>> # This file contains the auditctl rules that are loaded
>> # whenever the audit daemon is started via the initscripts.
>> # The rules are simply the parameters that would be passed
>> # to auditctl.
>> # First rule - delete all
>> -D
>> # Increase the buffers to survive stress events.
>> # Make this bigger for busy systems
>> -b 320
>> # Feel free to add below this line. See auditctl man page
>> -a exit,always -S chroot
>> #-a exit,always -S chdir -F obj_type=dhclient_t
>I don't know the rule syntax, but just looking at the source, it
>to me that the rule on line 15 is malformed (at least compared to the

All of those rules look fine for audit  package > 1.3 and  kernel probably > 2.6.21. But those rules are not default and would have taken some research to come up with since I know of no public examples of auditing by selinux context.


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the fedora-selinux-list mailing list