On Thursday 10 January 2008 12:25:23 Klaus Heinrich Kiwi wrote:
Steve, as we talked earlier through IRC, ausearch/aureport are expecting
the kernel anomalies messages to have auid= uid= gid= fields (in this
order). This quick patch changes the ANOM_PROMISCUOUS message to the
correct format (as already used by ANOM_ABEND).

Thanks, would you mind making 2 changes to this? Add a test for audit_enabled
being true before calling audit_log...a long-standing oversight. And add a
field at the end "res=1" since this doesn't appear to be able to fail. I'm
trying to get result fields in all events.

I'd like to just touch this code one time since it's in the network code.

Thanks,
-Steve