Removing open_by_handle_at in local copy of stig.rules
Steve Grubb
sgrubb at redhat.com
Mon Nov 4 14:05:25 UTC 2013
On Monday, November 04, 2013 08:55:16 AM leam hall wrote:
> As much as I'd like to be on a more current kernel, the open_by_handle_at
> syscall seems to have been introduced in 2.6.39, per para 1.9 of:
>
> http://kernelnewbies.org/Linux_2_6_39
>
> I removed it from my local copy of:
>
> https://fedorahosted.org/audit/browser/trunk/contrib/stig.rules
>
> My old RHEL 5 boxes are easily confused with this new-fangled stuff! :)

You would have to have an auditctl that matched it.

> Is there a plan to have a RHEL 5 and RHEL 6 version of the stig.rules?

I think they are pretty well separated. The rules shipped in rhel5 I think are
current with the requirements levied on RHEL5. RHEL6 just got a STIG and I
have not yet reviewed it to see if they stuck to the agreement we had. But the
rules that would apply to RHEL6 would be shipped on RHEL6. I had not planned
to separate them in svn.

-Steve
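
An added example, not part of the thread or of the audit project's code: one way to adapt a local copy of a rules file for a host whose audit userspace does not know a syscall such as open_by_handle_at. It removes unknown names from `-S` options and disables any rule that would be left with no syscall at all; the function names, the sample rules and the supported-syscall list are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads audit rules on stdin; $1 is a file of syscall names the
# local audit userspace knows, one per line (assumption: built on the target
# host, for instance from the name column of `ausyscall --dump`).
filter_audit_rules() {
    awk -v supported="$1" '
    BEGIN { while ((getline name < supported) > 0) ok[name] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # comments, blank lines
    {
        out = ""; had = 0; kept = 0; dropped = ""
        for (i = 1; i <= NF; i++) {
            if ($i != "-S" || i == NF) { out = out (out == "" ? "" : " ") $i; continue }
            had = 1; i++
            n = split($i, names, ","); keep = ""
            for (j = 1; j <= n; j++) {
                s = names[j]
                # numeric syscalls and "all" need no name lookup
                if (s ~ /^[0-9]+$/ || s == "all" || (s in ok))
                    keep = keep (keep == "" ? "" : ",") s
                else
                    dropped = dropped " " s
            }
            if (keep != "") { out = out (out == "" ? "" : " ") "-S " keep; kept++ }
        }
        if (!had) print $0
        else if (kept == 0)   # no -S left would mean "every syscall": disable
            print "# disabled (unsupported:" dropped "): " $0
        else print out
    }'
}

# Constructed sample in the style of stig.rules (not copied from the file).
sample_rules() {
    cat <<'EOF'
# file access failures
-a always,exit -F arch=b32 -S creat -S open -S openat -S open_by_handle_at -F exit=-EACCES -k access
-a always,exit -F arch=b64 -S open_by_handle_at -k handle
-w /etc/passwd -p wa -k identity
EOF
}
# Constructed list standing in for what an older host reports.
sample_supported() { printf '%s\n' creat open openat truncate ftruncate; }

tmp=$(mktemp); sample_supported > "$tmp"
sample_rules | filter_audit_rules "$tmp"; rm -f "$tmp"
```

Rules the filter disables should be checked against the requirement they implemented, since the event they covered is no longer audited on that host.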