From: Marcus Meissner <meissner@suse.de>
To: Linda Knippers <linda.knippers@hp.com>
Cc: Linux-audit@redhat.com
Subject: Re: auditd/auditctl SLED10
Date: Fri, 21 Jul 2006 16:35:23 +0200
Message-ID: <20060721143523.GA13632@suse.de>
In-Reply-To: <44C0E53A.6020402@hp.com>

On Fri, Jul 21, 2006 at 10:31:22AM -0400, Linda Knippers wrote:
> Lane Williams wrote:
> > Yeah, I had tried that. There is an access syscall. From the looks of
> > things the audit version that comes with SuSE has a few problems. I
> > know in Red Hat it seems to work as I need it to. SuSE is also using
> > AppArmor in place of SELinux, or at least they make it appear that way.
> > The audit daemon also does not support file system watches.
>
> File system watches aren't supported in the upstream kernel until
> 2.6.18.
>
> > Seems the only success=no returns that I receive are when the file does
> > not exist. I may also have to add more to my filter in order to get
> > what I want. Unfortunately I am stuck with SuSE and will have to
> > continue troubleshooting until the patches come out.
>
> If you're using a 2.6.16 kernel and 1.1.3 audit tools, that seems like
> a mismatch. There was a 1.1.4 audit package released back in February
> and the release mail mentions AppArmor support.
> https://www.redhat.com/archives/linux-audit/2006-February/msg00036.html

We have integrated AppArmor support in our 1.1.3 packages. (The
stuff we sent upstream for 1.1.4).

Ciao, Marcus