On Wednesday 25 January 2006 18:10, Robert Giles wrote:
From the list traffic, it seems that only RHEL4 and FC4 kernels have
the
latest patches applied to support the latest auditd, so I retrieved
and built kernel-2.6.14-1.1656_FC4.src.rpm for my system, but I'm still
getting the same "Invalid argument" when I try to do 'auditctl -w
file':
You're brave mixing and matching kernels. :) For FC4 and RHEL4, the 1.0.x
series matches the kernels. The 1.1 and higher is the development branch
meant for newer kernels.
The "-w" argument doesn't work for any kernels except RHEL4 at this moment.
We
ran into a conflict when sending it upstream and they wanted it re-written to
use inotify hooks. That work is nearing completion, but still has lots of
testing to go.
(same error message I get with the stock SuSE 10.0 kernel and the
SuSE
10.0 pre-packaged audit-1.0.3-2 tools/libraries)
I'd use 1.0.12. That is the state of the art for FC4 and RHEL4. Its also what
I've recommended to Suse for the time being. I am working on back porting
some bug fixes into a 1.0.13 release some time soon.
-Steve