Re: Logging failed open() calls on /var/log/audit/audit.log
On Thu, 29 Jun 2006, Klaus Weidner wrote:
If you really insist on the audit records, you could weaken the
restrictions on the /var/log/audit/ directory (for example 711
permissions) so that it doesn't reject the traversal. The audit files are
still protected of course.
Thanks for the suggestion, didn't even think to try that - the failed
attempts are recorded now and I don't think we really lose anything from
our CSA's perspective in terms of security.
Thanks!
-----------------------------------------------------------
Robert Giles Group System Administrator
SPD/ARL:UT (512) 835-3077 � Fax (512) 490-4244