AUDIT Rules - Paul Whitney

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paul Whitney <paul.whitney@mac.com>
To: linux-audit@redhat.com
Subject: AUDIT Rules
Date: Wed, 23 May 2007 15:04:48 -0400	[thread overview]
Message-ID: <C27A0890.1E30%paul.whitney@mac.com> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Can someone tell me what is the correct syntax for successfully or failing
to modify a file using the chmod command?  I have :

- -a exit,possible -S chmod -F success=0 -F success!=0
- -a exit,possible -S fchmod -F success=0 -F success!=0

But I am not able to audit the event. As a regular user I try to change the
permissions of /etc/shadow. The action fails (as expected) but does not get
audited.

Any suggestions is greatly appreciated.


Paul Whitney
Information Systems Solutions
paul.whitney@mac.com

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRlSQSbdVg+viRqgEAQjJTAf8CHUY4lQMv7tJrdseTqe/l2n1oFwu8GNr
xrIPab5+iQtRWk4OwwOnmifz1yZRyA+tO+W0hXc7UFn5c1J8YKFooAYEiTK/DvBI
oE4Aeme5QDIW4MN/quq8qOeKieMUDr2oPt3ZqVW6F9u/pF/dlUaQ5OvdSchtdfLw
iYMsd2rS5xtUVa0fDYEsQqz6AAaKbpuBCa6+ksxWTnPOCjYec0jpVpT3unFLA7G3
FK34zc5nfzuGimEtPb3wGvZv32wPyDDV8aD/ghw9kBYT3Fobd4LF6ZT89MbWSlja
I5HW38q8elNn6an3FjWo+UV9r47tuMteIuFUatwed47yR/58xizoEg==
=yBwv
-----END PGP SIGNATURE-----

next             reply	other threads:[~2007-05-23 19:05 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-23 19:04 Paul Whitney [this message]
2007-05-23 19:10 ` AUDIT Rules Steve Grubb
2007-05-24 13:03   ` Curtis, TS Troy @ IS
2007-05-24 23:31 ` Mike Nixon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=C27A0890.1E30%paul.whitney@mac.com \
    --to=paul.whitney@mac.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.