On Thursday 09 November 2006 14:56, Todd, Charles wrote:
If I'm reading this correctly, you're telling me that the
1.0.14 auditd
that ships with RHEL4u3 is immature, at best.
No, you are misparsing the problem...he is trying to use that version of audit
with plain vanilla linux kernels. When paired with our kernel all is well.
Does this mean that I will never get support for the dispatcher
directive
in /etc/auditd.conf?
I just about have 1.0.15 finished and it will have the dispatcher interface +
some backported code around the time start/end directives and various
bugfixes discovered during the LSPP work for RHEL5.
I was hoping to use the development Snare scripts that Leigh put
together,
mainly for a unified, centralization of our audit trails, but it doesn't
work if the dispatcher support option is missing.
U5 it should be there.
-Steve