Why doesn't chown produce an event
by Robert Evans
Greetings,
I have the following rule in audit.rules
-a exit,always -S chmod -S chown -S lchown -S fchown -F success!-1 -F key=mod
If I log in as a typical user and try "chown bob /etc/shadow" I don't get an
event produced, however if I try "chmod 666 /etc/shadow" I do.
What am I missing here?
Thanks!
Bob
17 years, 11 months
- 4
- 6
What is the list of SYSCALLS we can audit for
by Robert Evans
Hi,
I'm new to the Linux auditing world (but have experience in Solaris auditing).
I see a lot of examples and documentation with the -S flag, and a system call
definition. Is there a file/table that lists all system call available to audit?
Thanks
17 years, 11 months
- 2
- 1
audit 1.5.3 released
by Steve Grubb
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
tomorrow. The Changelog is:
- Change buffer size to prevent truncation of DAEMON events with large labels
- Fix memory leaks in auparse (John Dennis)
- Update syscall tables for 2.6.21 kernel
- Update capp & lspp rules
- New python bindings for libauparse (John Dennis)
- Fix file permission tests (#237358)
- Fix init script config tests (#237788)
Please note that the audit event dispatcher will be changing again in the next
release. This is the current area of work and this one is considered
temporary. This release is primarily to get some other needed fixes out for
people to use. I should have a new release soon.
Please let me know if there are any problems with this release.
-Steve
17 years, 11 months
- 1
- 0