"Error sending add rule request" using 1.5.4

Brennan, William C william.c.brennan at lmco.com
Wed Jan 9 19:01:39 UTC 2008


I'm attempting to use the auditd package (1.5.4) as supplied downstream
in the Ubuntu distribution.  I'm encountering a problem (as a few others
are as well, Ubuntu bug #140784) in that we can't get auditctl to
successfully handle any new rules.  For me, this version of auditd has
not worked at all.  I'm only newly acquainted with auditd, so this has
been my only experience.

For example, entering at the command line (taken from the man page):

  auditctl -a exit,always -S open -F success!=0

results in the response

  Error sending add rule request (Invalid argument)

I tried adding other possible rules via auditctl, and all attempts cause
this response.

Apparently no one using Red Hat is having this problem (i.e., no
complaints on this list), which suggests that perhaps the problem is a
package dependency problem within Ubuntu, but that's just a guess.

Can someone offer any help or suggestions as to what may be causing this
problem for Ubuntu users, and what we might do to fix it?  (I also tried
updating to version 1.6.4, which also failed the same way.)

Thanks for any light you can shed!

-- Bill Brennan

 
