On Tuesday 20 June 2006 16:30, Amy Griffis wrote: > It would be nice if it were possible to further filter the open calls, > by allowing the rule to specify certain flags like O_CREAT, O_RDONLY, > O_WRONLY or O_RDWR. That could do quite a bit to eliminate > unwanted log data. > > What do others think, should we consider adding somthing like this?
Yes, this is what the "rwex" flags to -p of auditctl allowed us to do. But we also need to have a perm field that makes it easy to see what the requested perm was. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
