nispom.rules for RHEL WS 4
Steve Grubb
sgrubb at redhat.com
Thu Jan 28 22:01:59 UTC 2010
On Thursday 28 January 2010 04:21:05 pm Harmon, Jeffrey D wrote:
> Is there a version of nispom.rules that will work with "Audit-1.0.16"
> on RHEL WS 4??
The nispom rules were written during RHEL5's lifetime. The earliest copy is
found here:
http://people.redhat.com/sgrubb/audit/audit-1.5.tar.gz
Look in the contrib directory for nispom.rules. You might try editing each
rule that starts with "-a" and remove the "-k name" at the end of each rule.
If it complains that a syscall is unknown, then delete that syscall since the
RHEL4 kernel doesn't know about it. Shouldn't take more than 2-3 minutes to
get it working.
-Steve
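
The edit described in the reply above, as an added example that is not part of the original message or of the audit package. The function names, the sample rules and the list of unknown syscalls are constructed for illustration; in practice the list comes from whatever auditctl reports as unknown when the file is loaded.

```python
def port_rule(line, unknown_syscalls):
    """Rewrite one rules-file line for an auditctl that rejects -k on -a rules."""
    stripped = line.strip()
    # Only syscall rules ("-a ...") are touched; comments, watches (-w) and
    # control lines (-D, -b, ...) pass through unchanged.
    if not stripped.startswith("-a"):
        return line.rstrip("\n")
    tokens = stripped.split()
    out, had_syscall, kept_syscall = [], False, False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        arg = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "-k" and arg is not None:
            i += 2                      # drop "-k name"
            continue
        if tok == "-S" and arg is not None:
            had_syscall = True
            if arg not in unknown_syscalls:
                kept_syscall = True
                out += [tok, arg]
            i += 2                      # unknown syscalls are deleted
            continue
        out.append(tok)
        i += 1
    # A syscall rule left with no -S applies to every syscall, which would
    # flood the log, so the rule is commented out rather than loaded.
    if had_syscall and not kept_syscall:
        return "# dropped (no known syscalls left): " + stripped
    return " ".join(out)

def port_rules(text, unknown_syscalls=()):
    unknown = set(unknown_syscalls)
    return "\n".join(port_rule(l, unknown) for l in text.splitlines())

# Constructed sample input, not the real nispom.rules.
SAMPLE = """\
# constructed sample, not the real nispom.rules
-D
-w /etc/passwd -p wa -k passwd
-a exit,always -S chmod -S fchmodat -F auid>=500 -k perm_mod
-a exit,always -S fchmodat -k perm_mod
"""

if __name__ == "__main__":
    print(port_rules(SAMPLE, ["fchmodat"]))
```

Review any line the script comments out: each one is an event class the ported rule set no longer records.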