From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bryan Jacobs Subject: Re: Question - Rule Syntax Date: Thu, 29 Dec 2011 20:32:58 -0500 Message-ID: References: <4EFC74D0.1000609@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mx1.redhat.com (ext-mx11.extmail.prod.ext.phx2.redhat.com [10.5.110.16]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id pBU1XI1w010360 for ; Thu, 29 Dec 2011 20:33:18 -0500 Received: from vms173013pub.verizon.net (vms173013pub.verizon.net [206.46.173.13]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id pBU1XHfA002099 for ; Thu, 29 Dec 2011 20:33:17 -0500 Received: from ASGFW ([unknown] [173.79.192.195]) by vms173013.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0LWZ00DG1TNARAF1@vms173013.mailsrvcs.net> for linux-audit@redhat.com; Thu, 29 Dec 2011 19:33:13 -0600 (CST) Received: from homdc.e-hom.com ([192.168.1.101]:14399) by ASGFW with smtp (Exim 4.76) (envelope-from ) id 1RgRLB-0006wK-1b for linux-audit@redhat.com; Thu, 29 Dec 2011 20:33:01 -0500 In-reply-to: <4EFC74D0.1000609@gmail.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Trevor Vaughan Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com VHJldm9yLAoKVGhhbmsgeW91IGZvciB0aGUgaW5mb3JtYXRpb24uICBJIGhhdmUgbm90IGhhZCBh IGNoYW5jZSB0byB0ZXN0IGl0IG91dCB5ZXQKYnV0IHRoaXMgaXMgd2hhdCBJIGVuZGVkIHVwIGRv aW5nIGZyb20geW91ciBhZHZpY2XCii4KCioqKiogQkVHSU4gU05JUCBSVUxFUyAqKioqCiMjIEln bm9yZSB0aGUgVmFyb25pcyBhY2NvdW50ICh0byByZWR1Y2UgYXVkaXQgbm9pc2UpCi1hIGFsd2F5 cyxleGl0IC1GIHBhdGg9L29wdC92YXJvbmlzMS42LjAxMDYvYmluL2xzIC1GIHBlcm09eCAtRiBh dWlkIT01MDUKLUYgYXVpZCE9NDI5NDk2NzI5NSAtayBwcml2aWxlZ2VkCi1hIGFsd2F5cyxleGl0 IC1GIHBhdGg9L29wdC92YXJvbmlzMS42LjAxMDYvYmluL3N0YXQgLUYgcGVybT14IC1GCmF1aWQh PTUwNSAtRiBhdWlkIT00Mjk0OTY3Mjk1IC1rIHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYg cGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi91dGlscy92cm5zX2FsbF9hY2NvdW50cyAtRgpwZXJt PXggLUYgYXVpZCE9NTA1IC1GIGF1aWQhPTQyOTQ5NjcyOTUgLWsgcHJpdmlsZWdlZAotYSBhbHdh eXMsZXhpdCAtRiBwYXRoPS9vcHQvdmFyb25pczEuNi4wMTA2L3V0aWxzL3ZybnNfZGlhZy5zaCAt RiBwZXJtPXgKLUYgYXVpZCE9NTA1IC1GIGF1aWQhPTQyOTQ5NjcyOTUgLWsgcHJpdmlsZWdlZAot YSBhbHdheXMsZXhpdCAtRiBwYXRoPS9vcHQvdmFyb25pczEuNi4wMTA2L3V0aWxzL3ZybnNfbG9j YWxfYWNjb3VudHMgLUYKcGVybT14IC1GIGF1aWQhPTUwNSAtRiBhdWlkIT00Mjk0OTY3Mjk1IC1r IHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi91 dGlscy92cm5zX3N0YXQgLUYgcGVybT14IC1GCmF1aWQhPTUwNSAtRiBhdWlkIT00Mjk0OTY3Mjk1 IC1rIHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEw Ni92cm5zX21vbmQgLUYgcGVybT14IC1GCmF1aWQhPTUwNSAtRiBhdWlkIT00Mjk0OTY3Mjk1IC1r IHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi92 cm5zX3N0YXRkIC1GIHBlcm09eCAtRgphdWlkIT01MDUgLUYgYXVpZCE9NDI5NDk2NzI5NSAtayBw cml2aWxlZ2VkCiMjIEFwcGx5IHRoZSBWYXJvbmlzIHJ1bGVzIHRvIGV2ZXJ5b25lIGVsc2Ugd2l0 aCBVSUQgNTAwIGFuZCBhYm92ZQotYSBhbHdheXMsZXhpdCAtRiBwYXRoPS9vcHQvdmFyb25pczEu Ni4wMTA2L2Jpbi9scyAtRiBwZXJtPXggLUYgYXVpZD49NTAwCi1GIGF1aWQhPTQyOTQ5NjcyOTUg LUYgYXVpZCE9NTA1IC1rIHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0aD0vb3B0L3Zh cm9uaXMxLjYuMDEwNi9iaW4vc3RhdCAtRiBwZXJtPXggLUYKYXVpZD49NTAwIC1GIGF1aWQhPTQy OTQ5NjcyOTUgLUYgYXVpZCE9NTA1IC1rIHByaXZpbGVnZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0 aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi91dGlscy92cm5zX2FsbF9hY2NvdW50cyAtRgpwZXJtPXgg LUYgYXVpZD49NTAwIC1GIGF1aWQhPTQyOTQ5NjcyOTUgLUYgYXVpZCE9NTA1IC1rIHByaXZpbGVn ZWQKLWEgYWx3YXlzLGV4aXQgLUYgcGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi91dGlscy92cm5z X2RpYWcuc2ggLUYgcGVybT14Ci1GIGF1aWQ+PTUwMCAtRiBhdWlkIT00Mjk0OTY3Mjk1IC1GIGF1 aWQhPTUwNSAtayBwcml2aWxlZ2VkCi1hIGFsd2F5cyxleGl0IC1GIHBhdGg9L29wdC92YXJvbmlz MS42LjAxMDYvdXRpbHMvdnJuc19sb2NhbF9hY2NvdW50cyAtRgpwZXJtPXggLUYgYXVpZD49NTAw IC1GIGF1aWQhPTQyOTQ5NjcyOTUgLUYgYXVpZCE9NTA1IC1rIHByaXZpbGVnZWQKLWEgYWx3YXlz LGV4aXQgLUYgcGF0aD0vb3B0L3Zhcm9uaXMxLjYuMDEwNi91dGlscy92cm5zX3N0YXQgLUYgcGVy bT14IC1GCmF1aWQ+PTUwMCAtRiBhdWlkIT00Mjk0OTY3Mjk1IC1GIGF1aWQhPTUwNSAtayBwcml2 aWxlZ2VkCi1hIGFsd2F5cyxleGl0IC1GIHBhdGg9L29wdC92YXJvbmlzMS42LjAxMDYvdnJuc19t b25kIC1GIHBlcm09eCAtRgphdWlkPj01MDAgLUYgYXVpZCE9NDI5NDk2NzI5NSAtRiBhdWlkIT01 MDUgLWsgcHJpdmlsZWdlZAotYSBhbHdheXMsZXhpdCAtRiBwYXRoPS9vcHQvdmFyb25pczEuNi4w MTA2L3ZybnNfc3RhdGQgLUYgcGVybT14IC1GCmF1aWQ+PTUwMCAtRiBhdWlkIT00Mjk0OTY3Mjk1 IC1GIGF1aWQhPTUwNSAtayBwcml2aWxlZ2VkCioqKiogRU5EIFNOSVAgUlVMRVMgKioqKgoKSG9w ZSB0aGlzIHdvcmtzLgoKCgpPbiAxMi8yOS8xMSA5OjEwIEFNLCAiVHJldm9yIFZhdWdoYW4iIDxw ZWlyaWFubnlkZEBnbWFpbC5jb20+IHdyb3RlOgoKPi0tLS0tQkVHSU4gUEdQIFNJR05FRCBNRVNT QUdFLS0tLS0KPkhhc2g6IFNIQTEKPgo+SSdtIGhvcGluZyB0byBiZSB0b2xkIG90aGVyd2lzZSwg YnV0IHRoZSBjbGVhbmVzdCBhbmQgbW9zdCBtYWludGFpbmFibGUKPndheSB0aGF0IEkndmUgc2Vl biB0byBkbyB0aGlzIGlzIHRvIG1ha2UgdHdvIHJ1bGVzLgo+Cj5GaXJzdCBSdWxlOiBJZ25vcmUg dXNlciA1MDUKPlNlY29uZCBSdWxlOiBBdWRpdCBldmVyeW9uZQo+Cj5BdWRpdGQgc2hvdWxkIHN0 b3AgYXQgdGhlIGZpcnN0IHJ1bGUgbWF0Y2hlZC4gSXQgZG9lcyBhZGQgbW9yZSBydWxlcyBidXQK PnNlZW1zIHRvIGJlIHRoZSBtb3N0IHN0YWJsZSBhY3Jvc3MgYXVkaXRkIHZlcnNpb25zLgo+Cj5B bHNvLCB0aGF0IGF1aWQhPTQyLi4uIHNob3VsZCBwcm9iYWJseSBiZSBuZWFyIHRoZSB0b3Agb2Yg eW91ciBydWxlcwo+c2luY2UgaXQgd2lsbCBnZXQgaGl0IHRoZSBtb3N0IGFuZCBJJ20gYXNzdW1p bmcgdGhhdCB5b3UgZG9uJ3QgZXZlciB3YW50Cj50byBhdWRpdAo+YW5vbnltb3VzIGFjY2Vzc2Vz IHRvIG1vc3QgaXRlbXMuCj4KPlRyZXZvcgo+Cj5PbiAxMi8yMi8yMDExIDA0OjE5IFBNLCBCcnlh biBKYWNvYnMgd3JvdGU6Cj4+IEFsbCwKPj4gCj4+IE5ldyBhdWRpdGQgbGlzdCBtZW1iZXIgaGVy ZS4gIEkganVzdCBzdGFydGVkIHBsYXlpbmcgYXJvdW5kIHdpdGgKPj5hdWRpdGQuIEkgd2FzIHdv bmRlcmluZyBpZiBzb21lb25lIG1pZ2h0IGJlIGtpbmQgZW5vdWdoIHRvIGFuc3dlciBhCj4+cXVl c3Rpb24gSSBoYXZlLgo+PiBJIGFtIGF0dGVtcHRpbmcgdG8gY3JlYXRlIGEgcnVsZSB0aGF0IHdp bGwgYXVkaXQgcHJpdmlsZWdlZCBjb21tYW5kcwo+PmZvciBVSUQncyBncmVhdGVyIHRoYW4gNTAw IGJ1dCBpZ25vcmUgb25lIHBhcnRpY3VsYXIgdXNlciB0aGF0IGZhbGxzCj4+dW5kZXIgdGhpcwo+ PiBydWxlLiAgVGhlIHVzZXIgSSBhbSB0cnlpbmcgdG8gaWdub3JlIGlzIHRoZSBvbmx5IHVzZXIg dGhhdCBzaG91bGQgYmUKPj50b3VjaGluZyB0aGUgZmlsZS4KPj4gCj4+IEJlbG93IGlzIHRoZSBy dWxlLgo+PiAKPj4gIyMjIyBCRUdJTiBSVUxFIFNOSVAgIyMjIwo+PiAKPj4gIyMgRW5zdXJlIGF1 ZGl0ZCBDb2xsZWN0cyBJbmZvcm1hdGlvbiBvbiB0aGUgVXNlIG9mIFByaXZpbGVnZWQgQ29tbWFu ZHMKPj4gCj4+IC1hIGFsd2F5cyxleGl0IC1GIHBhdGg9L29wdC92YXJvbmlzMS42LjAxMDYvYmlu L2xzIC1GIHBlcm09eCAtRgo+PiBhdWlkPj01MDAgLUYgYXVpZCE9NDI5NDk2NzI5NSAtRiBhdWlk IT01MDUgLWsgcHJpdmlsZWdlZAo+PiAKPj4gIyMjIyBFTkQgUlVMRSBTTklQICMjIyMKPj4gCj4+ IElzIHRoZSBydWxlIHN5bnRheCBhYm92ZSBjb3JyZWN0PyAgSWYgbm90IGhvdyB3b3VsZCBJIGF1 ZGl0IGFsbCB1c2Vycwo+PndpdGggVUlEIGFib3ZlIDUwMCBidXQgc3RpbGwgaWdub3JlIG9uZSBw YXJ0aWN1bGFyIHVzZXI/Cj4+IAo+PiAKPj4gVGhhbmsgeW91IGFuZCBoYXBweSBob2xpZGF5cywK Pj4gCj4tLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQo+VmVyc2lvbjogR251UEcgdjEuNC4x MSAoR05VL0xpbnV4KQo+Cj5pUUVjQkFFQkFnQUdCUUpPL0hUUUFBb0pFQ05DR1YxT0xjeXBoellI LzNDYXlCa3JmWDhDZXh1VzhTTWdDWExzCj56KzN6d3VnMURNZHo2bDRtZnJwNjBUZlZHTDhzY3Rl cU9qZ0hQLzFoRHArVE53UDJZeVh4cUFlTitYT0FlUElVCj5HZWtkM1FyT2M0YkNWaEJ1SEY0NzE5 U1drRVhRNEd1cjFEWUxBWE8vSjlwMjNkV2xUNEFFK2VoQVhvbnEvRjQwCj5xdUdXdUlIQ0x1aThL RHZ3aWdyWU1yNnFaZUJidTQ3bGVURnZIVWFrcWdEQ1V3WGliUjd2WFVQSFlQdU8wQTJWCj5wOHNI cTUzNW5HekxqQjZYTGs0UFdoUlZiL0poWEJyQ3k5aUEzT05NMVJlVDBKYUV0QjBMaXVrdWk2V2Jx NjI3Cj5maDcvK2tRRlhSU0I3UUdIYUZacitGUXA2TGt3UCsyaXFDMUpCblZjMy9wbTU4cTFEUmg0 NmUwbTlqdlBDRGM9Cj49eExJTwo+LS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tCgoKCgotLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tClZpcnVzIEZy ZWUgLS0gU2Nhbm5lZCBCeSBNYWlsU2VjdXJpdHkKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpUaGlzIGVtYWlsIG1lc3NhZ2UgaXMgZm9yIHRoZSBz b2xlIHVzZSBvZiB0aGUgaW50ZW5kZWQgcmVjaXBpZW50KHMpIGFuZCBtYXkgY29udGFpbiBjb25m aWRlbnRpYWwgYW5kIHByaXZpbGVnZWQgaW5mb3JtYXRpb24uIEFueSB1bmF1dGhvcml6ZWQgcmV2 aWV3LCB1c2UsIGRpc2Nsb3N1cmUgb3IgZGlzdHJpYnV0aW9uIGlzIHByb2hpYml0ZWQuIElmIHlv dSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBjb250YWN0IHRoZSBzZW5k ZXIgYnkgcmVwbHkgZW1haWwgYW5kIGRlc3Ryb3kgYWxsIGNvcGllcyBvZiB0aGUgb3JpZ2luYWwg bWVzc2FnZS4gQW55IHZpZXdzIGV4cHJlc3NlZCBpbiB0aGlzIG1lc3NhZ2UgYXJlIHRob3NlIG9m IHRoZSBhdXRob3IsIGV4Y2VwdCB3aGVyZSB0aGUgc2VuZGVyIHNwZWNpZmljYWxseSBzdGF0ZXMg dGhlbSB0byBiZSB0aGUgdmlld3Mgb2YgQkJHLCBJbmMuCgotLQpMaW51eC1hdWRpdCBtYWlsaW5n IGxpc3QKTGludXgtYXVkaXRAcmVkaGF0LmNvbQpodHRwczovL3d3dy5yZWRoYXQuY29tL21haWxt YW4vbGlzdGluZm8vbGludXgtYXVkaXQ=