Unable to filter on negative values
Linda Knippers
linda.knippers at hp.com
Tue Feb 14 20:54:34 UTC 2006
Michael C Thompson wrote:
> Linda Knippers <linda.knippers at hp.com> wrote on 02/14/2006 12:17:47 PM:
>
>> It seems to work with a rule like this:
>> /sbin/auditctl -a exit,always -S pread64 -F success=no -F exit=9
>
> However did you come up with that one?
Lucky guess. I figured a negative return value was failure so if I
looked for that and the absolute value of the exit code it would
probably work.
-- ljk
More information about the Linux-audit
mailing list