audit 0.9.12 released
Loulwa Salem
loulwas at us.ibm.com
Thu Jun 23 01:51:54 UTC 2005
Steve Grubb wrote:
> This version also corrects user &
> watch list filtering.
>
> Please let me know if there are any problems.
>
when adding auid filters on watches .. and executing "auditclt -l" I
don't see a list of the newly added filter rules ... Is that the
behavior you intended?
(I am on kernel.65 on i386 system)
example
# auditctl watch,always -F auid=something
# auditctl watch,never -F auid=something
# auditctl -l
No rules
No watches
Also .. the above commands don't seem to be actually filtering .. so I
don't know if that is because the mechanism might not be working, or
maybe the filters aren't getting inserted since I don't see them in the
listing ..
Thanks,
- Loulwa
More information about the Linux-audit
mailing list