Monitoring files

warron.french warron.french at gmail.com
Tue Apr 24 23:45:15 UTC 2018


 Mr. Briggs/Rafi,

I don't see the -i switch even mentioned in the manpage for audit.rules.
Is this a documented switch, or not yet a capability on Red Hat or CentOS
systems?

Thanks in advance,


--------------------------
Warron French


On Tue, Apr 24, 2018 at 6:31 PM, Richard Guy Briggs <rgb at redhat.com> wrote:

> On 2018-04-24 18:03, warron.french wrote:
> > Mr. Briggs/Rafi,
>
> I think you forgot to reply to the list (preferred) and/or Rafi.
>
> > I don't see the -i switch even mentioned in the manpage for audit.rules.
> > Is this a documented switch, or not yet a capability on Red Hat or CentOS
> > systems?
> >
> > Thanks in advance,
> >
> > --------------------------
> > Warron French
> >
> >
> > On Tue, Apr 24, 2018 at 11:14 AM, Richard Guy Briggs <rgb at redhat.com> wrote:
> >
> > > On 2018-04-23 23:41, F Rafi wrote:
> > > > Adding a -i to the rules file should ignore any errors.
> > >
> > > At risk of feature creep, it might be nice to have a flag to ignore
> > > certain rules but not others, a way to tag individual rules with either
> > > a must, or a different tag with "ignore if not present" for file rules.
> > >
> > > > -Farhan
> > > >
> > > > On Mon, Apr 23, 2018 at 9:19 PM, warron.french <warron.french at gmail.com> wrote:
> > > > > Hi, I have a requirement to monitor a ton of files, executables and
> > > > > config files.
> > > > >
> > > > > Anyway, not all of my systems have every file in the list; and when I
> > > > > add the rules appropriate, either as a Watch (-w) rule or as an Action
> > > > > (-a) rule, the rules stop loading when they find a rule that has a file
> > > > > that doesn't exist *on that particular system*.
> > > > >
> > > > > This is the intended effect, yes?
> > > > >
> > > > > Thanks in advance,
> > > > > --------------------------
> > > > > Warron French
> > >
> > > - RGB
> > >
> > > --
> > > Richard Guy Briggs <rgb at redhat.com>
> > > Sr. S/W Engineer, Kernel Security, Base Operating Systems
> > > Remote, Ottawa, Red Hat Canada
> > > IRC: rgb, SunRaycer
> > > Voice: +1.647.777.2635, Internal: (81) 32635
> > >
>
> - RGB
>
> --
> Richard Guy Briggs <rgb at redhat.com>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635
>
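
An alternative to ignoring every load error, as an added example that is not part of the original thread: a shell filter that builds a host-specific rules file from a master list by commenting out rules whose target path is absent on this host. The function name, rule keys and sample paths are hypothetical, and it assumes paths contain no whitespace or quoting.

```shell
#!/bin/sh
# Added example (not from the thread): build a host-specific audit rules file
# from a master list by commenting out rules whose target path is absent here.

# Reads rules on stdin, writes filtered rules on stdout.
# Handles "-w PATH" watches and "-F path=PATH" / "-F dir=PATH" fields.
# Assumption: paths contain no whitespace or quoting.
filter_audit_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        target=""
        prev=""
        case "$line" in
            "#"*) ;;                       # comment: pass through untouched
            *)
                set -f                     # no globbing while word-splitting
                for word in $line; do
                    if [ "$prev" = "-w" ]; then
                        target=$word
                    elif [ "$prev" = "-F" ]; then
                        case "$word" in
                            path=*|dir=*) target=${word#*=} ;;
                        esac
                    fi
                    prev=$word
                done
                set +f
                ;;
        esac
        if [ -n "$target" ] && [ ! -e "$target" ]; then
            # Keep the rule visible so the gap is auditable, but do not load it.
            printf '# skipped, not present on this host: %s\n' "$line"
        else
            printf '%s\n' "$line"
        fi
    done
}

# Constructed sample rules: the /nonexistent paths are made up for the demo.
demo_rules() {
    cat <<'EOF'
-w /etc/passwd -p wa -k identity
-w /nonexistent/constructed/app.conf -p wa -k app_conf
-a always,exit -F path=/nonexistent/constructed/tool -F perm=x -k tool_exec
-a always,exit -F arch=b64 -S execve -k exec
EOF
}

demo_rules | filter_audit_rules
```

Skipped rules stay in the output as comments, so a review of the generated file shows which monitored paths are missing on each system.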