Adding a key to syscall rules
Timothy R. Chavez
tinytim at us.ibm.com
Mon May 2 16:06:26 UTC 2005
On Mon, 2005-05-02 at 09:00 -0400, Steve Grubb wrote:
> Hello,
>
> I wanted to bring something up. Currently, we have the ability to add a custom
> "tag" or key to filesystem auditing rules. I got to thinking that this should
> also be done for syscall auditing. This way, admins can set a rule with a
> custom key and search for it later. (I have to write the search code.)
> Besides being useful, I think this should be done for symmetry between
> syscall & filesystem auditing as well.
>
I like this idea, it certainly doesn't hurt to have. What's your time
frame for introducing new functionality to auditctl?
-tim
More information about the Linux-audit
mailing list