Adding a key to syscall rules
Steve Grubb
sgrubb at redhat.com
Mon May 2 13:00:12 UTC 2005
Hello,
I wanted to bring something up. Currently, we have the ability to add a custom
"tag" or key to filesystem auditing rules. I got to thinking that this should
also be done for syscall auditing. This way, admins can set a rule with a
custom key and search for it later. (I have to write the search code.)
Besides being useful, I think this should be done for symmetry between
syscall & filesystem auditing as well.
-Steve
More information about the Linux-audit
mailing list