[PATCH] audit keys: support for multiple audit keys

Steve Grubb sgrubb at redhat.com
Fri Mar 12 12:45:31 UTC 2010


On Friday 12 March 2010 02:44:22 am Juraj Hlista wrote:
> An audit rule can have more than 1 key, the keys can be of
> different types (only AUDIT_FILTERKEY for now)

We discussed this about 2 years ago and came up with this solution:

https://www.redhat.com/archives/linux-audit/2008-March/msg00125.html

 
> For example, it is possible to create a rule such as:
>    auditctl -a exit,always -F path=/file -F key=k1 -F key=k2 -F key=k3

Any audit package since 1.7 supports this syntax already. What does this patch 
provide that we don't already have? IOW, we already solved this problem 2 
years ago, I am wondering if you knew we already can do this?

-Steve



