From: Steve Grubb <sgrubb@redhat.com>
To: David Flatley <dflatley@us.ibm.com>
Cc: linux-audit@redhat.com
Subject: Re: How to learn the Message type?
Date: Mon, 25 Jan 2010 11:46:08 -0500
Message-ID: <201001251146.08950.sgrubb@redhat.com>
In-Reply-To: <OF8C3DC9C9.B2818896-ON852576B6.005B06D7-852576B6.005B49B9@us.ibm.com>

On Monday 25 January 2010 11:37:01 am David Flatley wrote:
> Your audit.rules file for STIG compliance is mostly geared towards RHEL
> 5 systems?

Yes.

> When I try to run it on a RHEL 4 system it complains about the filters (-k)
> and other things.

Yes, there is that and the fact that directory auditing is not recursive and
you cannot write fancy rules that do file system watching without naming the
syscall. It may be possible to make some adjustments to the RHEL5 rules, but I
don't know if you would wind up with lots of unnecessary data as a result of
RHEL4's audit capabilities.

-Steve