I have been tasked to generate test cases to validate the proper execution of particular
syscall audit flags. In most cases I have succeeded in triggering audit log entries.
However, I have been unable to trigger audit entries for the 'symlink call' My
test cases are generated by a shell script that execute commands to trigger the relevant
calls. In my test case I created a hard-link and a soft-link using /bin/ln. Running
strace indicated that the syscall was definitely made but 'ausearch -sc symlink'
shows nothing. I am using audit-1.0.15-3.EL4. Any insight into this problem would be
appreciated.
Sincerely,
Eric Howard
--------------------------------------
Protect yourself from spam,
use
http://sneakemail.com