Why doesn't this rule block syscall records?

Eric Paris eparis at redhat.com
Fri Jul 13 17:42:54 UTC 2007


On Fri, 2007-07-13 at 09:28 -0400, Steve Grubb wrote:
> On Friday 13 July 2007 09:26:48 am Steve Grubb wrote:
> > OK, had to double check this. I think you are OK because the miscompare was
> > bz 196233 which appears to have been fixed in -42. The current release,
> > though, is -55 which has another important audit fix in it. The rule
> > comparison is done by the kernel, so that is what matters.
> 
> Sorry, re-reading bz, it was fixed in U5. Please try that kernel.

As I recall it also was only an issue on non-32bit systems (x86_64,
ppc64, ia64, etc etc). So if this is a plain old i686 system, this isn't
your problem; if it is x86_64, Steve probably nailed your problem right
on the head.

-Eric



