RHEL-AS-4.4 and auditd-1.0.14
Steve Grubb
sgrubb at redhat.com
Wed Feb 14 17:42:47 UTC 2007
On Tuesday 13 February 2007 18:20:04 Simon Jones wrote:
> I changed the rule from the /etc watch to individual files in the /
> etc directory and that seems to have settled it down.
>
> It seems to be a problem with watching directories only.
Hmm. The daemon doesn't make decisions at all based on what's in the event.
Offhand, I don't have any other suggestions other than a session with
valgrind. There's very little memory allocating done by the audit daemon to
make sure we do not have memory leaks.
-Steve
More information about the Linux-audit
mailing list