Re: Removing open_by_handle_at in local copy of stig.rules
On Monday, November 04, 2013 08:55:16 AM leam hall wrote:
As much as I'd like to be on a more current kernel, the
open_by_handle_at
syscall seems to have been introduced in 2.6.39, per para 1.9 of:
http://kernelnewbies.org/Linux_2_6_39
I removed it from my local copy of:
https://fedorahosted.org/audit/browser/trunk/contrib/stig.rules
My old RHEL 5 boxes are easily confused with this new-fangled stuff! :)
You would have to have an auditctl that matched it.
Is there a plan to have a RHEL 5 and RHEL 6 version of the
stig.rules?
I think they are pretty well separated. The rules shipped in rhel5 I think are
current with the requirements levied on RHEL5. RHEL6 just got a STIG and I
have not yet reviewed it to see if they stuck to the agreement we had. But the
rules that would apply to RHEL6 would be shipped on RHEL6. I had not planned
to separate them in svn.
-Steve