linux-audit-bounces(a)redhat.com wrote on 08/24/2005 12:07:49 PM:
On Wed, 2005-08-24 at 12:59 -0400, Steve Grubb wrote:
> The easiest thing to do is just add the == value to the comparison. This would
> let people do something like success!=yes or success=no to test for failure.
Seems like a reasonable feature to add if there's consensus on it. I'm
investigating one or two other things which may require an updated
kernel anyway, so would include it then.
We could also just change the man page to state the following usage:
-F success=1 - to audit successful syscalls
-F success!=1 - to audit unsuccessful syscalls