crond

Steve Grubb sgrubb at redhat.com
Wed Jan 7 22:22:40 UTC 2009


On Wednesday 07 January 2009 04:24:27 pm Starr-Renee Corbin wrote:
> Is there a way to run an auditctl command that will do both of the  
> above?

Not at this point. If the user filter in the kernel allowed type to be used, 
you might stand a chance. But then there is no way to filter on cron being 
the source in the kernel. 

User space originating audit events are sent as a string to the kernel. The 
kernel does not parse strings and won't match against it. 

-Steve
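
Because the kernel treats the user-space payload as an opaque string, selecting on record type and on cron as the source has to happen after the records are written. The sketch below is an added example, not part of the original message or of the audit tools. It assumes the audit.log text layout shown in its constructed sample lines, and the helper names `parse_user_record` and `select` are hypothetical.

```python
import re

# Constructed sample records (assumed audit.log layout, not taken from the thread).
SAMPLE_LOG = """\
type=USER_START msg=audit(1231366960.101:501): pid=2210 uid=0 auid=4294967295 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_START msg=audit(1231366961.220:502): pid=2300 uid=0 auid=500 msg='op=PAM:session_open acct="alice" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=SYSCALL msg=audit(1231366962.330:503): arch=c000003e syscall=2 success=yes exit=3 pid=2211 uid=0 comm="crond" exe="/usr/sbin/crond"
type=CRED_DISP msg=audit(1231366963.440:504): pid=2210 uid=0 auid=4294967295 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
"""

HEADER = re.compile(r"^type=(?P<type>\S+) msg=audit\([\d.]+:(?P<serial>\d+)\): (?P<body>.*)$")
USER_MSG = re.compile(r"msg='(?P<payload>.*)'\s*$")   # the string user space handed over
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_user_record(line):
    """Return type, serial and payload fields for a user-space record, else None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    um = USER_MSG.search(m.group("body"))
    if not um:
        return None  # kernel-generated record: no user-space string to inspect
    fields = {k: v.strip('"') for k, v in FIELD.findall(um.group("payload"))}
    return {"type": m.group("type"), "serial": int(m.group("serial")), "fields": fields}

def select(log_text, record_type=None, exe=None):
    """Serial numbers of user-space records matching both the type and the source exe."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_user_record(line)
        if rec is None:
            continue
        if record_type and rec["type"] != record_type:
            continue
        if exe and rec["fields"].get("exe") != exe:
            continue
        hits.append(rec["serial"])
    return hits

if __name__ == "__main__":
    print(select(SAMPLE_LOG, record_type="USER_START", exe="/usr/sbin/crond"))
```
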




More information about the Linux-audit mailing list