[redhat-lspp] LSPP audit.rules
Debora Velarde
dvelarde at us.ibm.com
Tue Nov 8 23:39:28 UTC 2005
Here is my first attempt at making an LSPP version of audit.rules. I
started with the CAPP version of audit.rules and added to it.
It uses the soon to be old watch syntax, so it may need to be updated
again after Amy's proposed filesystem audit interface changes occur.
There are currently comments telling users to comment/uncomment certain
lines depending on what architecture they are running on. Are we okay
with this or would we prefer to have different audit.rule files for each
architecture?
If there are any more auditing rules you think we need or any that are not
needed, be let me know.
Thanks,
debbie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lspp.rules
Type: application/octet-stream
Size: 7850 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20051108/c162112e/attachment.obj>
More information about the redhat-lspp
mailing list