audit 1.2.2 released
Steve Grubb
sgrubb at redhat.com
Wed May 17 21:23:25 UTC 2006
On Wednesday 17 May 2006 17:12, Michael C Thompson wrote:
> > Please let me know if there are any problems with this release.
>
> auditctl -a entry,always -S chmod -F "watch=/root/file"
>
> This fails... how is one supposed to use the new 'watch' field filter?
This was already reported on SE Linux mail list last week. The short answer is
that policy needs to be adjusted to make this work. I don't know if the
changes have been rolled out yet. Just as a test, try "setenforce 0" and then
load the audit rule.
-Steve
More information about the Linux-audit
mailing list