[PATCH] audit tools: add filterkey support
Steve
m6x at ornl.gov
Mon Jun 26 12:57:33 UTC 2006
> I haven't determined how to assign a key to a rule yet (maybe that is
> part of the problem).
I was able to assign a key using filterkey=MY_RULE_0 and the auid is
still off.
data="audit(1151326486.828:62): arch=40000003 syscall=195 success=yes
exit=0 a0=9b09080 a1=806a760 a2=8f1ff4 a3=0 items=1 ppid=2329 pid=2696
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 comm="nano" exe="/usr/bin/nano"
subj=user_u:system_r:unconfined_t:s0 key="MY_RULE_0""
Steve
More information about the Linux-audit
mailing list