Re: Double addition of rule yields two log messages
On Friday 19 May 2006 14:06, Linda Knippers wrote:
Wow, not very intuitive. The auditctl manpage talks about lists
by name (entry, exclude, etc), not by number.
The man pages don't ever talk about the numbers that are behind any of this.
With the 1.2.1 tools ausearch with the '-i' option
doesn't translate the
number into a name.
Right.
Does it with the 1.2.2 tools?
No. I have not had time to work on user space tools. The intent is to make it
do that with the -i param.
Speaking of ausearch, I just noticed that it emits this message:
# /sbin/ausearch -m CONFIG_CHANGE -i
Warning - freq is non-zero and incremental flushing not selected.
That comes from the config file parser. You've got a problem
in /etc/audit/auditd.conf that should be fixed.
-Steve