RE: Path ignored but syscall event still logged

Hi Steve, Thanks for the reply. Yes and yes: [root@host1 ~]# mount|grep ab /dev/mapper/VolGroupCF00-abf_graph on /naab2 type ext4 (rw) /dev/mapper/VolGroupCF01-abf_icff on /naab1 type ext4 (rw) [root@host1 ~]# ll /|grep ab lrwxrwxrwx 1 root root 6 May 9 2011 ab1 -> /naab1 lrwxrwxrwx 1 root root 6 May 9 2011 ab2 -> /naab2 drwxrwx--- 5 root ab_users 4096 May 20 2011 naab1 drwxrwx--- 6 root ab_users 4096 Jun 29 2011 naab2 [root@host1 ~]# How does that affect the the rule, which was for the actual mount point, not the sym link? LIST_RULES: exit,never dir=/naab1 (0x6) syscall=all Cheers, Max -----Original Message----- From: Steve Grubb [mailto:sgrubb@redhat.com] Sent: 13 January 2012 14:46 To: linux-audit(a)redhat.com Cc: Max Williams Subject: Re: Path ignored but syscall event still logged On Thursday, January 12, 2012 09:45:59 AM Max Williams wrote: Looking back at the original... /naab1/serial/data/dir1/serial/dir2/abc_load/temp/some-app/.WORK- serial/1568280a-4eef7e3f-3873 Are there any mount points in that path? Or any symlinks pointing to other disk devices? Thanks, -Steve ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________