audit.56 merged with audit-2.6.git

Timothy R. Chavez tinytim at us.ibm.com
Thu Jun 9 16:11:57 UTC 2005

Previous message (by thread): audit.56 merged with audit-2.6.git
Next message (by thread): audit.56 merged with audit-2.6.git
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 09 June 2005 11:09, Steve Grubb wrote:
> On Thursday 09 June 2005 11:13, Timothy R. Chavez wrote:
> > Have you tried using the syscall (inode,dev)-based filter rules?
> 
> Files that are deleted and created can have new inode numbers. Examples are 
> rotating audit logs and updating /etc/shadow.

Then use both?

-tim

Previous message (by thread): audit.56 merged with audit-2.6.git
Next message (by thread): audit.56 merged with audit-2.6.git
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list