Steve,
Here are examples of some rules we have been working with:
Adding rules:
auditctl -a exit,never -S mount
auditctl -a entry,always -S access -F a1=4
auditctl -a exit,always -S ipc -F a0=2
Deleting rules:
auditctl -d exit,never -S mount
auditctl -d entry,always -S access -F a1=4
auditctl -d exit,always -S ipc -F a0=2
Examples we would like to have:
Task rules.
Examples using more of the -F fields, including multiple -F fields in one rule.
Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw(a)us.ibm.com
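The two kinds of rules Kris asks for above, a task rule and rules that combine several -F fields, as an added example that is not part of the original thread and not from the audit package's own sample file. It is a shell script that emits a rules file in the list,action syntax used on this page and loads it with `auditctl -R` only when run as root with auditctl present; uid 500 is an assumed sample user, and the task rule and the multi-field rules are the author's illustrations, not rules from the page.

```shell
#!/bin/sh
# Added example (not from the original thread): sample auditctl rules of the
# kinds requested above -- a task rule and rules combining several -F fields --
# written as a rules file that `auditctl -R` can load.  Uid 500 is an assumed
# sample user.  The list,action order matches the 2005 syntax on this page;
# later auditctl releases accept action,list as well and have dropped the
# entry list, so the exit list is used throughout.

# Emit the sample rules on stdout.  Lines starting with # are comments in a
# file loaded with `auditctl -R`.
sample_rules() {
    cat <<'EOF'
# Task rule: checked when a task is created (fork/clone), so only fields known
# at that moment (uid, gid, pid, ppid, auid, ...) are meaningful; syscall
# fields such as a0-a3, exit and success cannot match here.
-a task,always -F uid=500
# Several -F fields in one rule are ANDed: only failed open() calls by uid 500.
-a exit,always -S open -F uid=500 -F success=0
# The access() rule from the thread (a1=4, i.e. R_OK) narrowed to calls made
# with an effective uid of 0.
-a exit,always -S access -F a1=4 -F euid=0
# The ipc() rule from the thread (a0=2, the multiplexer call number) narrowed
# to sessions whose login uid is 500.
-a exit,always -S ipc -F a0=2 -F auid=500
EOF
}

# Number of rule lines (lines beginning with -a), comments excluded.
rule_count() {
    sample_rules | grep -c '^-a'
}

# Number of rules that combine at least two -F fields.
multi_field_count() {
    sample_rules | grep -c -- '-F .*-F '
}

# Load the rules into the kernel when that is possible (auditctl present and
# running as root, since loading needs CAP_AUDIT_CONTROL); otherwise print them.
load_rules() {
    if command -v auditctl >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        tmp=$(mktemp) || return 1
        sample_rules > "$tmp"
        auditctl -R "$tmp"
        rc=$?
        rm -f "$tmp"
        return $rc
    fi
    sample_rules
}

load_rules
```

To try the rules on a real system, run the script as root; `auditctl -l` afterwards lists what the kernel accepted, and `auditctl -D` clears them again. Because the task list is only consulted at fork/clone time, a task rule never fires for processes that already existed when it was loaded.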
Steve Grubb <sgrubb(a)redhat.com>
Sent by: Linux Audit Discussion <linux-audit-bounces(a)redhat.com>
02/10/2005 12:35 PM
To: linux-audit(a)redhat.com
Subject: Sample Rules
Please respond to Linux Audit Discussion
Hi,
I'm getting closer to releasing the next version of the audit daemon. I'm wanting to include a file that has sample auditctl rules demonstrating how to do various things. I'm open to ideas. What common tasks should be included?
Note the file will be installed in the docs directory rather than being the default ruleset.
-Steve Grubb
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit