Difference between "-a exit,always" and "-a always,exit"?
leam hall
leamhall at gmail.com
Thu Apr 3 13:25:26 UTC 2014
Quick workaround is sed, if you don't have a lot of files to fix. :)
Leam
On Thu, Apr 3, 2014 at 9:23 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, April 03, 2014 08:36:21 AM leam hall wrote:
> > You and everyone I know. However, the SCC scan tool is hitting as it
> > expects "exit,always". Ugh...
>
> This would be a SCAP content issue. In doing some research, I found that
> the
> problem appears to have been solved in the audit-2.0.6 release. It also
> seems
> that a couple rules got accidentally re-introduced in 2.2.3 but was fixed
> again
> in 2.3.2.
>
> But going back to the content, I just grep'ed through the SSG project and
> see
> that they are testing for reversed fields. I'll tell them to fix that.
>
> -Steve
>
> > On Thu, Apr 3, 2014 at 8:32 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> > > On Thursday, April 03, 2014 08:28:59 AM leam hall wrote:
> > > > In the audit.rules file, is there a difference between "-a
> exit,always"
> > > > and "-a always,exit"?
> > >
> > > Nope. Both work fine. I think that for consistency, I have fixed all
> rules
> > > files
> > > to use "-a always,exit".
> > >
> > > -Steve
>
>
--
Mind on a Mission <http://leamhall.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140403/1e64e523/attachment.htm>
More information about the Linux-audit
mailing list