Logging failed open() calls on /var/log/audit/audit.log
Robert Giles
rgiles at arlut.utexas.edu
Thu Jun 29 18:12:40 UTC 2006
On Thu, 29 Jun 2006, Klaus Weidner wrote:
> If you really insist on the audit records, you could weaken the
> restrictions on the /var/log/audit/ directory (for example 711
> permissions) so that it doesn't reject the traversal. The audit files are
> still protected of course.
Thanks for the suggestion, didn't even think to try that - the failed
attempts are recorded now and I don't think we really lose anything from
our CSA's perspective in terms of security.
Thanks!
-----------------------------------------------------------
Robert Giles Group System Administrator
SPD/ARL:UT (512) 835-3077 · Fax (512) 490-4244
More information about the Linux-audit
mailing list