Difference between "-a exit,always" and "-a always,exit"?

Steve Grubb sgrubb at redhat.com
Thu Apr 3 13:23:34 UTC 2014


On Thursday, April 03, 2014 08:36:21 AM leam hall wrote:
> You and everyone I know. However, the SCC scan tool is hitting as it
> expects "exit,always". Ugh...

This would be a SCAP content issue. In doing some research, I found that the
problem appears to have been solved in the audit-2.0.6 release. It also seems
that a couple rules got accidentally re-introduced in 2.2.3 but were fixed again
in 2.3.2.

But going back to the content, I just grep'ed through the SSG project and see 
that they are testing for reversed fields. I'll tell them to fix that.

-Steve

> On Thu, Apr 3, 2014 at 8:32 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> > On Thursday, April 03, 2014 08:28:59 AM leam hall wrote:
> > > In the audit.rules file, is there a difference between  "-a exit,always"
> > > and "-a always,exit"?
> > 
> > Nope. Both work fine. I think that for consistency, I have fixed all rules
> > files to use "-a always,exit".
> > 
> > -Steve
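
The thread above turns on a scanner that compares the `-a` argument as literal text, so "exit,always" and "always,exit" look like different rules. The following is an added example, not part of the original thread and not code from the audit, SSG or SCC projects: a compliance check that normalizes the field order before comparing. The function names, the sample rules and the expected rule are constructed for illustration.

```python
import shlex

ACTIONS = {"always", "never"}  # the two actions auditctl accepts in -a/-A

def normalize_rule(line):
    """Tokenize one audit.rules line, putting the -a/-A argument in action,list order.
    Returns None for blank lines and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)
    out, i = [], 0
    while i < len(tokens):
        out.append(tokens[i])
        if tokens[i] in ("-a", "-A") and i + 1 < len(tokens):
            fields = tokens[i + 1].split(",")
            # Reorder only when exactly one of the two fields is an action.
            if len(fields) == 2 and (fields[0] in ACTIONS) != (fields[1] in ACTIONS):
                action, flt = fields if fields[0] in ACTIONS else fields[::-1]
                out.append(f"{action},{flt}")
            else:
                out.append(tokens[i + 1])  # malformed pair: leave untouched
            i += 1
        i += 1
    return tuple(out)

def rule_present(rules_text, expected):
    """True if `expected` appears in rules_text, ignoring -a field order."""
    loaded = {normalize_rule(l) for l in rules_text.splitlines()}
    return normalize_rule(expected) in loaded

def naive_present(rules_text, expected):
    """The brittle check: literal string comparison per line."""
    return expected in (l.strip() for l in rules_text.splitlines())

# Constructed sample audit.rules content (not taken from any real system).
SAMPLE_RULES = """\
# time-change rules, written with both field orders
-a exit,always -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
-w /etc/localtime -p wa -k time-change
"""
EXPECTED = "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change"

if __name__ == "__main__":
    print("literal match:   ", naive_present(SAMPLE_RULES, EXPECTED))
    print("normalized match:", rule_present(SAMPLE_RULES, EXPECTED))
```

Only the list/action pair is normalized; the remaining options are compared in the order written, and a rule with a different action ("never" instead of "always") still fails the check.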



