proposed interface changes for filesystem audit
Steve Grubb
sgrubb at redhat.com
Wed Nov 2 19:58:20 UTC 2005
On Wednesday 02 November 2005 14:40, Amy Griffis wrote:
> (2) A set of filesystem-related aliases for groups of system calls.
> Currently, one alias "all" is provided that maps to the full set
> of system calls on a given arch.
Could you show a full auditctl example of this alias?
> Here are some examples of other aliases that could be provided:
>
> fs-create: creat,link,mkdir,mknod,open,rename,symlink
> fs-remove: rename,rmdir,unlink
> fs-attr: chmod,chown,fchmod,fchown,fremovexattr,fsetxattr,lchown,
>
> lremovexattr,lsetxattr,removexattr,setxattr,truncate,utime(s) fs-all:
> all filesystem-related syscalls
And one or two of these?
> (3) If backward compatibility with the -w,-W, and -p options is
> desired,
Yes, it is for now.
Thanks,
-Steve
More information about the Linux-audit
mailing list