On Tue, 17 Jul 2007 16:05:12 +0200, Roger Holm said:
> I want to log if someone uses the rpm command (to install/upgrade
> packages), but not the rest of the commands. Only the rpm command!
What do you want it to do if they use 'yum' instead of 'rpm', or
'cp /bin/rpm /bin/innocent; /bin/innocent -Uvh evil-0.99.3.noarch.rpm'?