- First Post
- Replies
- Stats
-
Go to
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
tomorrow. The Changelog is:
- Rule and watch insert no longer automatically dumps list
- auditctl rules can now use auid in addition to loginuid
- Add sighup support for daemon reconfiguration
- Move some functions into private.h
This update represents that last feature (sighup) being added for the CAPP
development work. At this point, I think we are at a point where we need lots
of testing, bug reports, and review of man pages.
-Steve Grubb
On Saturday 11 June 2005 12:17, Steve Grubb wrote:
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
tomorrow. The Changelog is:
- Rule and watch insert no longer automatically dumps list
- auditctl rules can now use auid in addition to loginuid
- Add sighup support for daemon reconfiguration
- Move some functions into private.h
This update represents that last feature (sighup) being added for the CAPP
development work. At this point, I think we are at a point where we need lots
of testing, bug reports, and review of man pages.
-Steve Grubb
Hey Steve,
Geat news. I'll release a patch to the audit.56 with my changes either
tommorow or Monday. The only user space alteration will be a new
type.
-tim
Steve Grubb wrote:
This update represents that last feature (sighup) being added for the
CAPP
development work. At this point, I think we are at a point where we need lots
of testing, bug reports, and review of man pages.
the new auditctl (0.9.4) is returning a 1 on a successful insert or
remove of a watch ... My tests checks for the return code so I know that
was not the case in the previous version.
I am running kernel.56
Example:
[root@comp loulwa]# auditctl -l
No rules
AUDIT_WATCH_LIST: dev=253:0, path=/tmp/foo, filterkey=key-key, perms=,
valid=0
[root@comp loulwa]# auditctl -W /tmp/foo
[root@comp loulwa]# echo $?
1
[root@comp loulwa]# auditctl -l
No rules
No watches
[root@comp loulwa]# auditctl -w /tmp/new_file -k test-key
[root@comp loulwa]# echo $?
1
[root@comp loulwa]# auditctl -l
No rules
AUDIT_WATCH_LIST: dev=253:0, path=/tmp/new_file, filterkey=test-key,
perms=, valid=0
- loulwa
On Monday 13 June 2005 11:50, Loulwa Salem wrote:
the new auditctl (0.9.4) is returning a 1 on a successful insert or
remove of a watch
Fixed. Will be in 0.9.5.
Thanks
-Steve
7132
days inactive
7134
days old
linux-audit@lists.linux-audit.osci.io
3 comments
3 participants
tags (0)
participants (3)
-
Loulwa Salem -
Steve Grubb -
Timothy R. Chavez