renameat2 syscall is not recorded
Steve Grubb
sgrubb at redhat.com
Wed Mar 10 19:06:43 UTC 2021
On Wednesday, March 10, 2021 5:53:42 AM EST Alan Evangelista wrote:
> OM> Not sure if this is it, but there is a "-" missing before the "S"
> before "renameat2".
>
> This was indeed the issue. I found our that was the issue when I ran
> "auditctl -l". Thank you.
>
> Is there any reason why augenrules
It has no idea about the rules, it simply compiles the master list.
> and auditctl -R don't print errors to stdout when rules parsing errors
> occur?
If it's detected that the rules are in a file, they get sent to syslog because
99.99% of the time, this is system boot or initscripts and we need to make
the problem discoverable later by the system admin.
-Steve
More information about the Linux-audit
mailing list