audit 0.6.10 released

Debora Velarde dvelarde at us.ibm.com
Tue Apr 5 19:26:12 UTC 2005

Hi Steve,

For the new 'arch' field, would this be the correct auditctl usage?

To audit 32bit chmod syscall:
auditctl -a  exit,always -S chmod -F arch=32

To audit 64bit chmod syscall:
auditctl -a  exit,always -S chmod -F arch=64

Can you also do:
auditctl -a entry,always -S 15 -F arch=32

Thanks!
debbie

linux-audit-bounces at redhat.com wrote on 04/01/2005 01:39:00 PM:

> Hello,

> Another audit package has been released. This release is mostly code cleanups
> and getting things finalized for Fedora Core 4. It can be downloaded from
> http://people.redhat.com/sgrubb/audit

> The changelog includes:

> - Code cleanups
> - Support the arch field for auditctl
> - Add version to auditctl command
> - Documentation updates
> - Moved default location of the audit log to /var/log/audit/audit.log

> The default location for the audit log was moved for a couple reasons. We want
> to put it in a place that could be used as a mount point. People doing any
> serious auditing need to have a partition set aside just for auditing. This
> move, by default, will make it easier for people to do that. We also wanted
> to put it in its own directory so that we can add some SE Linux policy later
> to protect the logs.

> The audit watch list code is not in this release. I feel that we still need to
> discuss the way it needs to work and solidify that before I put it into the
> FC4 distribution. The watch add & remove I think are fine and the code is
> included so that one day when this gets upstream and that kernel gets
> released, everyone can start using it.

> Let me know if there are any problems with this latest release.

> Thanks,
> -Steve Grubb
