Removing open_by_handle_at in local copy of stig.rules

Removing open_by_handle_at in local copy of stig.rules

[leam hall]

[-- Attachment #1.1: Type: text/plain, Size: 488 bytes --]

As much as I'd like to be on a more current kernel, the open_by_handle_at
syscall seems to have been introduced in 2.6.39, per para 1.9 of:

http://kernelnewbies.org/Linux_2_6_39

I removed it from my local copy of:

https://fedorahosted.org/audit/browser/trunk/contrib/stig.rules

My old RHEL 5 boxes are easily confused with this new-fangled stuff!  :)

Is there a plan to have a RHEL 5 and RHEL 6 version of the stig.rules?

Leam

-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #1.2: Type: text/html, Size: 859 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: Removing open_by_handle_at in local copy of stig.rules

[Steve Grubb]

On Monday, November 04, 2013 08:55:16 AM leam hall wrote:
> As much as I'd like to be on a more current kernel, the open_by_handle_at
> syscall seems to have been introduced in 2.6.39, per para 1.9 of:
> 
> http://kernelnewbies.org/Linux_2_6_39
> 
> I removed it from my local copy of:
> 
> https://fedorahosted.org/audit/browser/trunk/contrib/stig.rules
> 
> My old RHEL 5 boxes are easily confused with this new-fangled stuff!  :)

You would have to have an auditctl that matched it.

> Is there a plan to have a RHEL 5 and RHEL 6 version of the stig.rules?

I think they are pretty well separated. The rules shipped in rhel5 I think are 
current with the requirements levied on RHEL5. RHEL6 just got a STIG and I 
have not yet reviewed it to see if they stuck to the agreement we had. But the 
rules that would apply to RHEL6 would be shipped on RHEL6. I had not planned 
to separate them in svn.

-Steve