* Problem loading rules
@ 2006-07-07 13:07 Steve
2006-07-07 20:56 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Steve @ 2006-07-07 13:07 UTC (permalink / raw)
To: linux-audit
I am trying to load rules from a file that contains:
-a exit,always -F path=/etc/shadow -S open -k myrule_000000
-a exit,always -F path=/usr/sbin/chroot -S execve -k myrule_000001
-a exit,always -F path=/var/repository/important.doc -S unlink -k
myrule_000002
-a exit,always -F path=/var/log/secure -S open -k myrule_000003
-a exit,always -F path=/usr/bin/nmap -S execve -k myrule_000004
using auditctl -R
I am getting the following error:
Cannot realloc memory!
-F path must be before -S
There was an error in line 2 of iitds_audit.rules
--
I originally had the -S options before the -F. When I got the error, I
switched the order, but the same error is returned.
I have tried entering the rules individually from the command line and
they work without error.
I am using audit-1.2.4
Thanks,
Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-07-07 20:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-07 13:07 Problem loading rules Steve
2006-07-07 20:56 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox