auditd/auditctl SLED10
Klaus Weidner
klaus at atsec.com
Fri Jul 21 00:54:26 UTC 2006
On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote:
> I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if
> anyone could give me an idea of how to log when someone tries to open a
> file which they do not have access to.
>
> I've tried the example
>
> auditctl -a exit,always -S open -F success=0
What base kernel version and audit patches is SLED10 using? Audit
development has been active until recently and it may not have all the
latest and greatest audit patches in it.
-Klaus
More information about the Linux-audit
mailing list