Re: Linux-audit Digest, Vol 27, Issue 2
On Monday 11 December 2006 12:15, Thomas, Daniel J. wrote:
I'm new to the audit subsystem. I need to get it working well
under
RHEL4. The version that comes with Redhat is very old (1.0.14?)
That is the latest for RHEL4. There is a 1.0.15 in the pipeline that backports
many features from 1.2.9.
I noticed if I upgrade to 1.0.14 it pretty much works the same, but
if I
upgrade all the way to 1.3.1, file watch functionality has been removed.
There are differences in the RHEL4 kernel and the current 2.6.19 kernel
regarding audit that causes them to be incompatible in several ways.
How do I handle auditing of access to security files with 1.3?
1.3.1 is commandline compatible with 1.0.14. However, you need to be using a
2.6.19 kernel for it.
-Steve