Path ignored but syscall event still logged

Max Williams Max.Williams at betfair.com
Thu Jan 12 14:45:59 UTC 2012


Hi All,
Sorry to bug you but is this issue I'm having a bug or have I made a mistake in the rules? Is there another way I could exclude this directory from auditd?
We have licenses for these servers so I could open a case if need be.
Many thanks,
Max


-----Original Message-----
From: linux-audit-bounces at redhat.com [mailto:linux-audit-bounces at redhat.com] On Behalf Of Max Williams
Sent: 06 January 2012 17:26
To: linux-audit at redhat.com
Subject: RE: Path ignored but syscall event still logged

Any update on this Steve? The other ignore rules seem to work, just not that one.
Thanks,
Max

-----Original Message-----
From: Steve Grubb [mailto:sgrubb at redhat.com]
Sent: 21 December 2011 19:25
To: linux-audit at redhat.com
Cc: Max Williams
Subject: Re: Path ignored but syscall event still logged

On Wednesday, December 21, 2011 07:17:01 AM Max Williams wrote:
> Sorry, forgot to include that!
> 
> [root at host1 ~]# uname -r
> 2.6.32-131.21.1.el6.x86_64
> [root at host1 ~]# auditctl -s
> AUDIT_STATUS: enabled=1 flag=0 pid=24173 rate_limit=0
> backlog_limit=8192
> lost=124822501 backlog=0

Initial assessment, the kernel patch that discards events might only work on open(2). Eric is looking to see if this can be safely broadened.

-Steve



> On Tuesday, December 20, 2011 12:55:49 PM Max Williams wrote:
> > How come this event is not ignored due to the 8th rule? I think I'm 
> > missing something.
> 
> One piece of information is missing. The enforcement of the audit 
> policy is done by the kernel. What do you get for uname -r?
> 
> -Steve

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________

--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
