On Fri, 2005-06-24 at 10:12 -0400, Steve Grubb wrote:
> I think unmatched means allow the message. I would err on the side of
> sending messages and let the admin suppress them.

That's already implemented. Each _rule_ gives yes/no/unmatched, and what
you're saying is that audit_filter_user() should return 1 if all calls
to audit_filter_user_rules() have returned 'unmatched'.

> I think this one we leave alone. User message filtering is not related
> to syscalls, so it's different.

It's not particularly different at the moment. Changing the prototype
for one but not the other would make it gratuitously so, which isn't
really an improvement.
--
dwmw2