Double addition of rule yields two log messages
Michael C Thompson
thompsmc at us.ibm.com
Fri May 19 15:21:57 UTC 2006
Hey all,
Adding a rule successfully (i.e. not malformed and that rule didn't
already exist) creates a log entry:
type=CONFIG_CHANGE msg=audit(1147986115.721:28510): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
Then, adding the same rule again will result in an error message
being reported to the user saying that rule exists (although it uses the
word "File exists", which if that could be changed to "Rule exists",
might be nice). However, despite this apparent failure, we get a log entry:
type=CONFIG_CHANGE msg=audit(1147986117.389:28511): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
Mostly FYI, not sure if this is a problem or not.
Mike
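
For log review, the two records quoted above differ only in timestamp and serial number, and neither carries the rule text. The following added example (not part of the original post) parses CONFIG_CHANGE records in the format quoted above and lists back-to-back "add rule" entries from the same auid and subj to the same list; the function names and the 5-second window are assumptions.

```python
import re
from decimal import Decimal

# The two records quoted in the post, line-wrapped as the mail client left them.
SAMPLE = """\
type=CONFIG_CHANGE msg=audit(1147986115.721:28510): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
type=CONFIG_CHANGE msg=audit(1147986117.389:28511): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
"""

# Matches only the record shape shown in the post.
RECORD = re.compile(
    r"type=CONFIG_CHANGE msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"auid=(?P<auid>\d+) subj=(?P<subj>\S+) "
    r"add rule to list=(?P<list>\d+) res=(?P<res>\d+)"
)

def parse_records(text):
    """Return the add-rule CONFIG_CHANGE records in text, ordered by serial."""
    flat = " ".join(text.split())  # undo mail line-wrapping
    recs = []
    for m in RECORD.finditer(flat):
        rec = m.groupdict()
        rec["ts"] = Decimal(rec["ts"])  # exact arithmetic on the timestamps
        rec["serial"] = int(rec["serial"])
        recs.append(rec)
    return sorted(recs, key=lambda r: r["serial"])

def repeated_adds(recs, window_s=5):
    """Pairs of consecutive records identical except for timestamp and serial.

    window_s is an assumed triage threshold, not something the audit system
    defines. Returns (first_serial, second_serial, gap_ms) tuples.
    """
    same = ("auid", "subj", "list", "res")
    hits = []
    for a, b in zip(recs, recs[1:]):
        gap = b["ts"] - a["ts"]
        if all(a[k] == b[k] for k in same) and 0 <= gap <= window_s:
            hits.append((a["serial"], b["serial"], int(gap * 1000)))
    return hits

if __name__ == "__main__":
    for first, second, gap_ms in repeated_adds(parse_records(SAMPLE)):
        print(f"serials {first} and {second}: same add-rule record {gap_ms} ms apart")
```

A hit means only that two indistinguishable records were written close together; the records alone do not show whether the second add actually changed the rule list.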