Re: Filtering out non-interactive users

> That should work unless the is a 32 bit bug everyone has missed or you > have another rule preventing the logging. If you do cat > /proc/self/loginuid, do you get a number > 0? Also, if you use > auid!=4294967295, does that work? The loginuid is 4294967295. If I pass '-F auid!=4294967295' into the filters, when I run 'auditctl -l' the rules are listed, but each one has 'auid=2147483647 (0x7fffffff)'. I get log entries then, but they are all tagged with auid 4294967295. Is this proper or did I stumble upon a bug after all?