From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marcus Meissner Subject: Re: SUSE ELS and Audit Date: Fri, 23 Feb 2007 11:20:48 +0100 Message-ID: <20070223102048.GA17529@suse.de> References: <20070222230340.GA7527@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from mx2.redhat.com (mx2.redhat.com [10.255.15.25]) by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l1NAL140013790 for ; Fri, 23 Feb 2007 05:21:01 -0500 Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by mx2.redhat.com (8.13.1/8.13.1) with ESMTP id l1NAL0te012195 for ; Fri, 23 Feb 2007 05:21:00 -0500 Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "Johnston Mark (UK)" Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Fri, Feb 23, 2007 at 10:18:36AM -0000, Johnston Mark (UK) wrote: > Hi guys, > > I'm really struggling to get an understanding of what kernel and audit > version I need to be able to use file system watches on my SLES 10 box. > > >From what I've managed to read and understand, we need kernel 2.6.18 and > audit version 1.2.x ? Is that correct ? At the moment I'm struggling to > install 1.2.x, but I've managed to get the kernel up and running. > > Also worth a note here ... by default, SLES 10 does not show system > calls. It's disabled in /etc/sysconfig/auditd. Edit > AUDITD_DISABLE_CONTEXTS, and make it ="no" SLES 10 Service Pack 1 will have the necessary functionality, filewatches are not in the SLES 10 GA version. Ciao, Marcus