Configuration documentation
Javier Godinez
godinezj at gmail.com
Tue May 3 16:29:11 UTC 2005
Thanks Steve,
So what syscalls are currently suppoted under auditd version 6.5 which
is what I am using under RHEL4, I had to upgrade some RPMS.
Does anyone know if this is correct, I need to log all uses of the
chown command:
In the /etc/audit.rules I have
-a entry,always -S lchown
-a entry,always -S fchown
-a entry,always -S chown
-a entry,always -S lchown32
-a entry,always -S fchown32
-a entry,always -S chown32
But this does not seem to be working, is chown not inplemented yet?
Thanks a lot, Javier Godinez
On 5/2/05, Steve Grubb <sgrubb at redhat.com> wrote:
> On Monday 02 May 2005 15:47, Javier Godinez wrote:
> > Does anyone know where I can find documentation on how to configure auditd?
>
> The only documentation that exists right now is in the auditd package. Try
> using the auditd.conf & auditctl man pages.
>
> > Any help would be appreciated, I need auditd to log the following events:
>
> If you have a kernel with the right patches most of these should work. We are
> still looking at the filesystem auditing pieces.
>
> > they should know what I am talking about. Initially we were using LaUS
> > under RHEL3, but with RHEL4, we are dead in the water.
>
> The audit system for RHEL4 is not delivered yet. It takes both kernel patches
> and patches to several user space packages. Its all being worked on.
>
> -Steve Grubb
>
More information about the Linux-audit
mailing list