[RFC][PATCH] (#6) filesystem auditing
Stephen Smalley
sds at tycho.nsa.gov
Tue Mar 15 19:42:48 UTC 2005
Ok, why doesn't the following trigger any audit messages:
# ./auditctl -w /etc/shadow
AUDIT_WATCH : INSERT : SUCCESS
$ passwd
Changing password for user sds.
Changing password for sds
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
/etc/shadow was re-created by this transaction.
I did see debugging messages about pushing and popping data on the cache stack.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency