audit 0.6.10 released
Debora Velarde
dvelarde at us.ibm.com
Thu Apr 7 13:37:14 UTC 2005
> I'd expect that adding a rule with arch=64 on a 32bit machine would fail.
> But, arch=32/64 doesn't look like the right solution. We are exposing
> the underlying architecture which is more granular that 32 vs. 64 bit.
> It includes various architectures as well. Why not keep this value
> the same as the output in the audit message? And if it's done as it
> currently is, the records could (theoretically) be parsed on a machine
> with a different cpu arch than the machine that generated the record.
Can you post a couple of examples of what the auditctl rules would look
like?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050407/238425f9/attachment.htm>
More information about the Linux-audit
mailing list