Re: Difference between "-a exit,always" and "-a always,exit"?

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: Difference between "-a exit,always" and "-a always,exit"?
Date: Thu, 03 Apr 2014 09:23:34 -0400	[thread overview]
Message-ID: <2369373.XVSyS8d0au@x2> (raw)
In-Reply-To: <CACv9p5qJWcH7NQ3w86prqsxJY=7vZ6J0krWXVVC9TQV1he_dog@mail.gmail.com>

On Thursday, April 03, 2014 08:36:21 AM leam hall wrote:
> You and everyone I know. However, the SCC scan tool is hitting as it
> expects "exit,always". Ugh...

This would be a SCAP content issue. In doing some research, I found that the 
problem appears to have been solved in the audit-2.0.6 release. It also seems 
that a couple rules got accidentally re-introduced in 2.2.3 but was fixed again 
in 2.3.2.

But going back to the content, I just grep'ed through the SSG project and see 
that they are testing for reversed fields. I'll tell them to fix that.

-Steve

> On Thu, Apr 3, 2014 at 8:32 AM, Steve Grubb <sgrubb@redhat.com> wrote:
> > On Thursday, April 03, 2014 08:28:59 AM leam hall wrote:
> > > In the audit.rules file, is there a difference between  "-a exit,always"
> > > and "-a always,exit"?
> > 
> > Nope. Both work fine. I think that for consistency, I have fixed all rules
> > files
> > to use "-a always,exit".
> > 
> > -Steve

next prev parent reply	other threads:[~2014-04-03 13:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-03 12:28 Difference between "-a exit,always" and "-a always,exit"? leam hall
2014-04-03 12:32 ` Steve Grubb
2014-04-03 12:36   ` leam hall
2014-04-03 13:23     ` Steve Grubb [this message]
2014-04-03 13:25       ` leam hall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2369373.XVSyS8d0au@x2 \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox