Sample Rules

Leigh Purdie Leigh.Purdie at intersectalliance.com
Sun Feb 13 21:09:05 UTC 2005


This is probably something that we can help out with down the track a
little.

At the moment, I'm supporting audit agents on Solaris, AIX, Irix,
Windows, Lotus Notes, and many others (including, of course, Linux) - so
coming up with rough 'equivalent capability groups' is likely to be
something that we're likely to do as part of our 'Snare' development
activities.

Leigh.

On Fri, 2005-02-11 at 10:14 -0500, Steve Grubb wrote:
> On Thursday 10 February 2005 16:26, Valdis.Kletnieks at vt.edu wrote:
> > "What auditctl rules do I need to split things into classes equivalent to
> > the Solaris/AIX/Irix (pick one or more) audit classes?"
> 
> This is going to take a lot of research on my part. I have never used the 
> audit system of SUN machines. Nor do I want to...too much code to write at 
> the moment.
> 
> It's a good question and maybe someone else that's had experience with that 
> machine can help sort it out one day.
> 
> Thanks,
> -Steve Grubb
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
-- 
Leigh Purdie, Director - InterSect Alliance Pty Ltd
http://www.intersectalliance.com/



