audit test results on lspp.12 kernel
Loulwa Salem
loulwas at us.ibm.com
Wed Mar 15 21:38:23 UTC 2006
On the call Monday, I said I'll test on an lspp.12 kernel. I ran our
CAPP audit test suite on an x86_64 installed with FC5-t3, and lspp.12
kernel. Audit version 1.1.5. Below are my results ..
- All syscall test passed with no problems
- object identity (watch) tests (and any other tests that use watches)
all failed due to inability to insert watches, I get the following
> Error sending watch insert request (Invalid argument)
> add_audit_rule failed - auditctl_comm [auditctl -w /tmp/lafa0qlNM -k
file-basic-key ] returned 255
- Saw some failures in filters tests due the change in the message of
adding/removing audit rules in the CONFIG_CHANGE type records. It used
to be "added/removed an audit rule" and now it is "add/remove rule
to/from list=X"... is there a reason we changed the message?
- Saw some failures in trusted programs due to the missing
msg='SomeString (ex, gpasswd, password, chage ..etc) field from the
audit record in some instances. Our test cases check for that string and
are failing if it's not found... Is there a reason this was removed?
- Loulwa
More information about the Linux-audit
mailing list