On Tuesday, April 22, 2014 04:06:05 PM Steve Grubb wrote:
On Tuesday, April 22, 2014 03:44:45 PM Boyce, Kevin P. wrote:
> Does the audit subsystem have the ability to dynamically create new
> auditing rules using another event as the trigger?
There was a patch for a reactive plugin sent to the list a number of years
ago. The patch was too big and bounced, but I was cc'ed and have a copy. I
have not had the time to review it to see if it's maintainable, supportable,
and exactly what I'd want. It's actually pretty well documented. I could
probably make it available off my people page since it's too large for the
mail list.
http://people.redhat.com/sgrubb/audit/reactive/
I have not reviewed the patch. I don't know if it still compiles or needs
changes. I am very interested in the topic of being able to load more rules to
watch something closer when certain things occur. If you look at the PDF, one
of the use cases it assists in is auditing files on removable media.
I would like to hear feedback on this patch to see what others think.
-Steve