auditd/auditctl SLED10
Lane Williams
lane.williams at jhuapl.edu
Fri Jul 21 12:04:11 UTC 2006
The kernel is 2.6.16.21-0.8, and the audit version is 1.1.3-23.2.
Lane
On Thu, 2006-07-20 at 19:54 -0500, Klaus Weidner wrote:
> On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote:
> > I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if
> > anyone could give me an idea of how to log when someone tries to open a
> > file which they do not have access to.
> >
> > I've tried the example
> >
> > auditctl -a exit,always -S open -F success=0
>
> What base kernel version and audit patches is SLED10 using? Audit
> development has been active until recently and it may not have all the
> latest and greatest audit patches in it.
>
> -Klaus
More information about the Linux-audit
mailing list