Not trapping 'symlink' system call
Eric Howard
pt3vjld02 at sneakemail.com
Wed Jun 6 18:40:04 UTC 2007
I have been tasked to generate test cases to validate the proper execution of particular syscall audit flags. In most cases I have succeeded in triggering audit log entries. However, I have been unable to trigger audit entries for the 'symlink call' My test cases are generated by a shell script that execute commands to trigger the relevant calls. In my test case I created a hard-link and a soft-link using /bin/ln. Running strace indicated that the syscall was definitely made but 'ausearch -sc symlink' shows nothing. I am using audit-1.0.15-3.EL4. Any insight into this problem would be appreciated.
Sincerely,
Eric Howard
--------------------------------------
Protect yourself from spam,
use http://sneakemail.com
More information about the Linux-audit
mailing list