Re: Excluding stat syscall logging for specific path
2016.04.29 21:48, Steve Grubb rašė:
> No, there is no such file at all, and shouldn’t be, but apache2
tries to
> check it, hence success=0 case is spammed into then logs.
Normally ENOENT failures are not a security concern. Normally EACCES and EPERM
are what attempted security policy violations return with. There is an inode
in that case.
Yeah, now I am using -S open with EACCES/EPERM as from audit.rules example. Failed
stat's ("scans") can actually be seen
from apache2 error.log.
But it turns out that kernel doesn't matter this time.
Yes, It's clear for me now.
Thank you!