On 2017-06-12 11:31, John Petrini wrote:
> Hi Richard.
> It looks like the -F exe= option is not supported at all regardless of
> negation.
>
> Starting auditd: [ OK ]
> -F unknown field: exe

Support is upstream in Linux kernel v4.3 and userspace audit-2.5.0.
It is in RHEL7 kernel-3.10.0-351.el7

> John Petrini
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
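
The version thresholds given in the reply above, turned into a pre-flight check for rules that use -F exe=. This is an added example, not code from the thread or from the audit project. The function names are hypothetical, the sample inputs are constructed, and it assumes el7 builds of 3.10.0 after 351 keep the backport.

```shell
#!/bin/sh
# Decide whether an audit rule with "-F exe=" can be expected to load, from
# the kernel release (uname -r) and the audit userspace version
# (the number printed by "auditctl -v").

# ver_ge A B: succeed when dotted numeric version A >= B (first three fields).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_has_exe RELEASE: upstream v4.3 or later, or the RHEL 7 backport.
kernel_has_exe() {
    base=${1%%-*}                        # "3.10.0-514.el7.x86_64" -> "3.10.0"
    ver_ge "$base" 4.3 && return 0
    case $1 in
        3.10.0-*.el7*)
            # Backport named in the reply: kernel-3.10.0-351.el7.
            # Assumption: later el7 builds of 3.10.0 keep it.
            build=${1#3.10.0-}; build=${build%%.*}
            case $build in ''|*[!0-9]*) return 1 ;; esac
            [ "$build" -ge 351 ] ;;
        *) return 1 ;;
    esac
}

# userspace_has_exe VERSION: audit-2.5.0 or later.
userspace_has_exe() { ver_ge "$1" 2.5.0; }

# exe_filter_supported RELEASE VERSION: both halves must support the field.
exe_filter_supported() { kernel_has_exe "$1" && userspace_has_exe "$2"; }

# Constructed sample hosts (kernel release, audit userspace version).
for pair in "3.10.0-327.el7.x86_64 2.4.5" "3.10.0-514.el7.x86_64 2.6.5" "4.9.0 2.4.5"; do
    set -- $pair
    if exe_filter_supported "$1" "$2"; then
        echo "$1 / audit $2: -F exe= supported"
    else
        echo "$1 / audit $2: -F exe= not supported"
    fi
done
```

On a live host the two arguments would come from `uname -r` and the version number in the output of `auditctl -v`.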