Hi,
Works fine. Great, thank you! Reduces load a lot when /proc accesses
are no longer audited.
I currently use
/usr/local/sbin/auditctl -a entry,always -S execve
/usr/local/sbin/auditctl -a entry,possible -S open
/usr/local/sbin/auditctl -a exit,never -S open -F devmajor=0
/usr/local/sbin/auditctl -a exit,always -S open
to get only real filesystem accesses.
Greetings,
Erich Schubert
--
erich(a)(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Where friendly paths converge, the whole world looks like V_/_
home for an hour. --- Herrmann Hesse