what's in the works
Steve Grubb
sgrubb at redhat.com
Mon Mar 28 18:59:58 UTC 2005
On Monday 28 March 2005 12:55, Timothy R. Chavez wrote:
> The down side is if they wanted the global list of all watches (they can get
> at):
>
> find / -type d -exec auditctl -L {} ";"
>
> would be the way to do that -- this would take a great ammount of time (but
> would be most accurate).
What happened to all those text strings that auditctl sent into the kernel to
setup the watches? Did they get discarded? It seems to me that they should
still be around and on a list of some kind.
-Steve
More information about the Linux-audit
mailing list