audit-1.1.3 and SuSE 10.0 (with FC4 kernel)
Steve Grubb
sgrubb at redhat.com
Thu Jan 26 01:51:41 UTC 2006
On Wednesday 25 January 2006 18:10, Robert Giles wrote:
> From the list traffic, it seems that only RHEL4 and FC4 kernels have the
> latest patches applied to support the latest auditd, so I retrieved
> and built kernel-2.6.14-1.1656_FC4.src.rpm for my system, but I'm still
> getting the same "Invalid argument" when I try to do 'auditctl -w file':
You're brave mixing and matching kernels. :) For FC4 and RHEL4, the 1.0.x
series matches the kernels. The 1.1 and higher is the development branch
meant for newer kernels.
The "-w" argument doesn't work for any kernels except RHEL4 at this moment. We
ran into a conflict when sending it upstream and they wanted it re-written to
use inotify hooks. That work is nearing completion, but still has lots of
testing to go.
> (same error message I get with the stock SuSE 10.0 kernel and the SuSE
> 10.0 pre-packaged audit-1.0.3-2 tools/libraries)
I'd use 1.0.12. That is the state of the art for FC4 and RHEL4. Its also what
I've recommended to Suse for the time being. I am working on back porting
some bug fixes into a 1.0.13 release some time soon.
-Steve
More information about the Linux-audit
mailing list