Re: Why doesn't this rule block syscall records?
On Thursday 12 July 2007 01:22:35 pm Taylor_Tad(a)emc.com wrote:
I was trying out a syscall entry rule that I thought would block
audit
records from system services/daemons that haven't had their audit ID
(auid) set yet.
Which kernel are you using? There was a signed/unsigned promotion and
comparison bug fixed not too long ago.
-Steve