public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed
* Bugs in audit tables
@ 2008-12-08  8:21 Loredan Stancu
  2008-12-08 15:28 ` Steve Grubb
  2008-12-11 15:04 ` Steve Grubb
  0 siblings, 2 replies; 3+ messages in thread
From: Loredan Stancu @ 2008-12-08  8:21 UTC (permalink / raw)
  To: sgrubb; +Cc: linux-audit

Hi Steve!

I found another bugs in audit tabel:

1. No rules can be added to exclude,user,entry,task tables.
2. action 'never' can't be set.


I tested with audit version 1.7.9 on gentoo system. kernel version
2.6.26-gentoo-r3

- Loredan

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Bugs in audit tables
  2008-12-08  8:21 Bugs in audit tables Loredan Stancu
@ 2008-12-08 15:28 ` Steve Grubb
  2008-12-11 15:04 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2008-12-08 15:28 UTC (permalink / raw)
  To: Loredan Stancu; +Cc: linux-audit

On Monday 08 December 2008 03:21:06 am Loredan Stancu wrote:
> I found another bugs in audit tabel:
>
> 1. No rules can be added to exclude,user,entry,task tables.

Can you give examples of what you get when you do them by hand? IOW, try 
something like:

auditctl -a always,exclude -m avc

> 2. action 'never' can't be set.

Again, I can't help unless I see what you are getting. These all work fine on 
my system.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Bugs in audit tables
  2008-12-08  8:21 Bugs in audit tables Loredan Stancu
  2008-12-08 15:28 ` Steve Grubb
@ 2008-12-11 15:04 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2008-12-11 15:04 UTC (permalink / raw)
  To: Loredan Stancu; +Cc: linux-audit

On Monday 08 December 2008 03:21:06 am Loredan Stancu wrote:
> I found another bugs in audit tabel:
>
> 1. No rules can be added to exclude,user,entry,task tables.
> 2. action 'never' can't be set.

I tightened up the parsing for -m and -w auditctl options. This was fixed as 
svn commit 202. Thanks for reporting the problem.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-12-11 15:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-12-08  8:21 Bugs in audit tables Loredan Stancu
2008-12-08 15:28 ` Steve Grubb
2008-12-11 15:04 ` Steve Grubb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox