This is probably something that we can help out with down the track a
little.

At the moment, I'm supporting audit agents on Solaris, AIX, Irix,
Windows, Lotus Notes, and many others (including, of course, Linux) - so
coming up with rough 'equivalent capability groups' is likely to be
something that we're likely to do as part of our 'Snare' development
activities.

Leigh.

On Fri, 2005-02-11 at 10:14 -0500, Steve Grubb wrote:
> On Thursday 10 February 2005 16:26, Valdis.Kletnieks(a)vt.edu wrote:
> > "What auditctl rules do I need to split things into classes equivalent to
> > the Solaris/AIX/Irix (pick one or more) audit classes?"
>
> This is going to take a lot of research on my part. I have never used the
> audit system of SUN machines. Nor do I want to...too much code to write at
> the moment.
>
> It's a good question and maybe someone else that's had experience with that
> machine can help sort it out one day.
>
> Thanks,
> -Steve Grubb

--
Leigh Purdie, Director - InterSect Alliance Pty Ltd
http://www.intersectalliance.com/