From: Linda Knippers <linda.knippers@hp.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: auditctl question
Date: Wed, 02 Aug 2006 18:15:24 -0400
Message-ID: <44D123FC.90304@hp.com>
In-Reply-To: <200608021803.09061.sgrubb@redhat.com>

Hi Steve,

I tried it on Fedora with audit 1.2.4 and the 2.6.17-based lspp.41
kernel and it seems to work there.

It doesn't work on RHEL4 U2. I seem to recall that there was
something funky about how to get failed syscalls back then but
I don't recall the details.

-- ljk

Steve Grubb wrote:
> On Wednesday 02 August 2006 16:49, Lane Williams wrote:
>
>>Should the following work???
>
>
> Yes.
>
>
>>auditctl -a exit,always -S all -F exit=-13
>
>
> If this does not work, we will need a kernel patch for it.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
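
An added example, not part of the original messages: one way to check whether the quoted rule is taking effect on a given kernel is to look for SYSCALL records with `exit=-13` (EACCES) in the audit log and join them with their PATH records. The log lines are constructed samples, and the function names are hypothetical.

```python
import errno
import re
from collections import defaultdict

# Constructed sample records in audit.log layout (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1154556901.204:311): arch=40000003 syscall=5 success=no exit=-13 a0=bf9c1a2b a1=8000 a2=0 a3=8000 items=1 pid=2914 auid=500 uid=500 gid=500 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1154556901.204:311): name="/etc/shadow" inode=1048611 dev=03:02 mode=0100400 ouid=0 ogid=0
type=SYSCALL msg=audit(1154556907.871:312): arch=40000003 syscall=5 success=yes exit=3 a0=bf9c1a2b a1=8000 a2=0 a3=8000 items=1 pid=2915 auid=500 uid=500 gid=500 comm="cat" exe="/bin/cat"
type=SYSCALL msg=audit(1154556912.030:313): arch=40000003 syscall=10 success=no exit=-13 a0=bfa03c11 a1=0 a2=0 a3=0 items=1 pid=2920 auid=501 uid=501 gid=501 comm="rm" exe="/bin/rm"
type=SYSCALL msg=audit(1154556915.442:314): arch=40000003 syscall=5 success=no exit=-2 a0=bfa03c11 a1=0 a2=0 a3=0 items=1 pid=2921 auid=501 uid=501 gid=501 comm="cat" exe="/bin/cat"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')


def parse_record(line):
    """Split one audit record into (event serial, field dict)."""
    m = EVENT_ID.search(line)
    if not m:
        return None, {}
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return int(m.group(2)), fields


def denied_syscalls(log_text, err=errno.EACCES):
    """Return SYSCALL events whose exit code is -err, with their PATH names."""
    syscalls, paths = {}, defaultdict(list)
    for line in log_text.splitlines():
        serial, f = parse_record(line)
        if serial is None:
            continue
        if f.get("type") == "SYSCALL":
            syscalls[serial] = f
        elif f.get("type") == "PATH" and "name" in f:
            paths[serial].append(f["name"])
    hits = []
    for serial, f in sorted(syscalls.items()):
        # A failed syscall is reported as a negative errno, hence exit=-13.
        if f.get("exit") == str(-err):
            hits.append({"serial": serial, "syscall": int(f["syscall"]),
                         "auid": f.get("auid"), "exe": f.get("exe"),
                         "paths": paths.get(serial, [])})
    return hits


if __name__ == "__main__":
    for hit in denied_syscalls(SAMPLE_LOG):
        print(hit)
```

If the rule is loaded but a permission-denied access produces no matching record, the kernel is not applying the exit filter, which is the behaviour reported above for RHEL4 U2.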