On Mon, 2007-04-23 at 16:09 -0400, Aaron Lippold wrote:
> I have a security checking script that is complaining that my system
> is not able to audit all discretionary access to control permission
> modifications.
> To verify this it is looking for /etc/audit/filter.conf
> Is this still the correct place to look on RHEL4/5? I'd assume not
> since I can't find a man page on audit-filter.conf anymore.

filter.conf was a LAuS configuration file, which is no longer used.
Auditing in RHEL4 and RHEL 5 is entirely unrelated to LAuS. The
approximately corresponding information is in /etc/audit.rules (RHEL4)
or /etc/audit/audit.rules (RHEL5) iirc.

> If not, where and how would I add this feature to my audit
> configuration?

That really depends what 'discretionary access to control permission
modifications' actually means to the person who wrote it ;) I'm guessing
it refers to auditing the chmod family of system calls, in which case
you would add the following line to /etc/audit/audit.rules in RHEL 5:

    -a entry,always -S chmod -S fchmod

and start the audit daemon. These calls will then be logged
in /var/log/audit.log.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
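
A check of the kind the reply points to, reading the audit rules file instead of the LAuS filter.conf, is sketched below as an added example that is not part of the original thread. The function names and the sample rules file are constructed for illustration; it goes slightly beyond the rule shown by also accepting comma-separated -S lists, "-S all", and either ordering of the list and action after -a.

```shell
#!/bin/sh
# Added example (not from the original thread); names here are hypothetical.
# Usage: missing_syscall_rules FILE SYSCALL...
# Prints the required syscalls that no "always" rule in FILE names with -S.
# Returns 0 if all are covered, 1 if some are missing, 2 if FILE is unreadable.
# Limitation: -F filters are ignored, so a narrowly filtered rule counts as coverage.
missing_syscall_rules() {
    rules_file=$1; shift
    [ -r "$rules_file" ] || { echo "cannot read $rules_file" >&2; return 2; }
    awk -v want="$*" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            always = 0
            for (i = 1; i < NF; i++)             # -a/-A take "list,action" in either order
                if ($i == "-a" || $i == "-A") {
                    n = split($(i + 1), part, ",")
                    for (j = 1; j <= n; j++) if (part[j] == "always") always = 1
                }
            if (!always) next
            for (i = 1; i < NF; i++)             # collect every -S name, comma lists too
                if ($i == "-S") {
                    n = split($(i + 1), sc, ",")
                    for (j = 1; j <= n; j++) seen[sc[j]] = 1
                }
        }
        END {
            n = split(want, w, " "); out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen) && !("all" in seen))
                    out = out (out == "" ? "" : " ") w[i]
            if (out != "") { print out; exit 1 }
        }
    ' "$rules_file"
}

# Constructed sample rules file: the rule from the reply plus one unrelated rule.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's configuration
-a entry,always -S chmod -S fchmod
-a exit,never -S chown
EOF
}

sample=$(mktemp)
write_sample_rules "$sample"
missing=$(missing_syscall_rules "$sample" chmod fchmod chown) || true
echo "not audited: ${missing:-none}"
rm -f "$sample"
```

On a real host the first argument would be /etc/audit.rules (RHEL4) or /etc/audit/audit.rules (RHEL5), as named in the reply.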