From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mr Dash Four Subject: Re: excluding auditd events Date: Thu, 26 May 2011 15:23:09 +0100 Message-ID: <4DDE624D.6010405@googlemail.com> References: <4DDD9D3E.8020001@googlemail.com> <201105260950.33723.sgrubb@redhat.com> <4DDE5EBD.7060601@googlemail.com> <201105261016.13760.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <201105261016.13760.sgrubb@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com > Sort of. We have kerberos support, but its not enabled at the moment. The reason being > is that the kerberos libraries were in /usr/lib64 which is a big problem if the audit > system started before the nfs components (and it does). I think the kerberos libraries > might have been moved so we could potentially turn that on sometime soon - but I have > not been updating or testing the code. If you build your own packages, you can turn it > on now. > Thanks, I'll try as soon as I am able to build a decent version of the daemon (as I already pointed out - the show-stopper for me is the older version of perl on my FC13 system, which, from what I remember, is a dependency for building the remote-logging part of the daemon). When I get more confident about understanding the audit daemon better (and having looked properly in the code itself) I may come up with few other ideas.