AUDIT YUM - Linux-audit - Linux-Audit List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

AUDIT YUM

[GIT PULL] Audit patches for v4.13

Introducing audit-explorer

warron.french

Sunday, 2 July 2017 Sun, 2 Jul '17

10:08 p.m.

Is there an audit system call associated with the use of rpm or yum? Or is it best to setup a watch rule for both executables? -------------------------- Warron French

Attachments:

attachment.html (text/html — 471 bytes)

Reply

Show replies by date

Ondrej Moris

Monday, 3 July Mon, 3 Jul

3:41 a.m.

Hi, there is no event type associated with rpm or yum. But using -F exe= filters for yum/rpm binaries is really the best option. -- Ondrej On Mon, Jul 3, 2017 at 5:08 AM, warron.french <warron.french(a)gmail.com> wrote:

Is there an audit system call associated with the use of rpm or yum? Or is it best to setup a watch rule for both executables? -------------------------- Warron French -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Reply

Burn Alting

4:46 a.m.

Warron, As you have suggested, and Ondrej has confirmed, you can monitor the executables, but what is the outcome you desire? Do you want to know if the commands have run and hence may have changed what has been deployed/configured, or are you interested in something else? Perhaps the current state of patching or actually what has been installed? Rgds Burn On Mon, 2017-07-03 at 10:41 +0200, Ondrej Moris wrote:

Hi, there is no event type associated with rpm or yum. But using -F exe= filters for yum/rpm binaries is really the best option. -- Ondrej On Mon, Jul 3, 2017 at 5:08 AM, warron.french <warron.french(a)gmail.com> wrote: > Is there an audit system call associated with the use of rpm or yum? > > Or is it best to setup a watch rule for both executables? > > > -------------------------- > Warron French > > > -- > Linux-audit mailing list > Linux-audit(a)redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Reply

2729

days inactive

2729

days old

linux-audit@lists.linux-audit.osci.io

Manage subscription

2 comments

3 participants

tags (0)

participants (3)

Burn Alting
Ondrej Moris
warron.french