Can we audit writing to character device?
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Mon Aug 4 11:58:30 UTC 2014
Hello.
I tried to audit write syscall on /dev/watchdog in order to check
https://access.redhat.com/site/solutions/707563 .
I expected that I can do it using
# auditctl -a exit,always -F filetype=character -F devmajor=10 -F devminor=130 -F arch=b64 -S write -k watchdog
but it did not work (even
# auditctl -a exit,always -F filetype=character -F arch=b64 -S write -k watchdog
did not work).
Is this functionality not implemented?
Should I do
# stap -d hpwdt -e 'probe module("hpwdt").function("hpwdt_ping") { printf("%u\n", gettimeofday_ns()); }'
instead (if I can't use this functionality) ?
Regards.
More information about the Linux-audit
mailing list