Re: Adding a key to syscall rules
On Mon, 2005-05-02 at 09:00 -0400, Steve Grubb wrote:
Hello,
I wanted to bring something up. Currently, we have the ability to add a custom
"tag" or key to filesystem auditing rules. I got to thinking that this should
also be done for syscall auditing. This way, admins can set a rule with a
custom key and search for it later. (I have to write the search code.)
Besides being useful, I think this should be done for symmetry between
syscall & filesystem auditing as well.
I like this idea, it certainly doesn't hurt to have. What's your time
frame for introducing new functionality to auditctl?
-tim