audit test results on lspp.12 kernel

Steve Grubb sgrubb at redhat.com
Mon Mar 20 18:58:03 UTC 2006


On Monday 20 March 2006 13:50, Linda Knippers wrote:
> I'm still interested in what the records in audit.log look like.

I don't have any table with that information in it. You'd have to just look at 
them. We've added subject & object labels to many things. Also added tty to 
syscall records.

> I'm more interested in information that's being added or removed as that's
>  what seems to have happened in the trusted programs.

They all use a standard logging function now to ensure consistency. But they 
will be changing slightly when we merge the patch from Tim to add subject 
label to user space originating events.

Best bet is just to eyeball the logs.

-Steve



