Re: auditd/auditctl SLED10

On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote: > I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if > anyone could give me an idea of how to log when someone tries to open a > file which they do not have access to. > > I've tried the example > > auditctl -a exit,always -S open -F success=0 What base kernel version and audit patches is SLED10 using? Audit development has been active until recently and it may not have all the latest and greatest audit patches in it.