Hello linux-audit, We are suddenly under a lot of time pressure to demonstrate linux-audit working in our 2.6.6 kernel. This kernel is booted with a RHEL 3 update 3 userland. Obviously there is a mismatch between our userland and kernel with respect to supporting linux-audit. Here's what I've done: 1. I built our kernel with the CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y config options. 2. I removed the laus-0.1-65RHEL3 rpm and installed the audit-0.5-1 rpm. 3. I booted the mix and got the auditd daemon running 4. I tried some auditctl commands, but had no clue how to test the mix. I have no idea how to configure this and I can't find any documentation on the interface. Am I on the right track? Where can I find documentation? How do I do at least a sanity check? (login and passwd file) Do I need any kernel patches for 2.6.6 and audit-0.5-1? Should I try the audit-0.6.5 and are there any kernel patches needed? We have to be ready by Friday. Thanks a million for any advice. If we are successful, I'm fairly certain this will ship with our product from now on. We'd be glad to provide testing feedback to you. Thank You, Joe Porter Senior Software Engineer Concurrent Computer Corporation