Configuration documentation

[Javier Godinez]

Thanks Steve,

So what syscalls are currently suppoted under auditd version 6.5 which
is what I am using under RHEL4, I had to upgrade some RPMS.

Does anyone know if this is correct, I need to log all uses of the
chown command:
In the /etc/audit.rules I have

-a entry,always -S lchown
-a entry,always -S fchown
-a entry,always -S chown
-a entry,always -S lchown32
-a entry,always -S fchown32
-a entry,always -S chown32

But this does not seem to be working, is chown not inplemented yet?

Thanks a lot, Javier Godinez

On 5/2/05, Steve Grubb <sgrubb at redhat.com> wrote:
> On Monday 02 May 2005 15:47, Javier Godinez wrote:
> > Does anyone know where I can find documentation on how to configure auditd?
> 
> The only documentation that exists right now is in the auditd package. Try
> using the auditd.conf & auditctl man pages.
> 
> > Any help would be appreciated, I need auditd to log the following events:
> 
> If you have a kernel with the right patches most of these should work. We are
> still looking at the filesystem auditing pieces.
> 
> > they should know what I am talking about. Initially we were using LaUS
> > under RHEL3, but with RHEL4, we are dead in the water.
> 
> The audit system for RHEL4 is not delivered yet. It takes both kernel patches
> and patches to several user space packages. Its all being worked on.
> 
> -Steve Grubb
>