On Thu, Jul 20, 2006 at 07:54:26PM -0500, Klaus Weidner wrote: > On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote: > > I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if > > anyone could give me an idea of how to log when someone tries to open a > > file which they do not have access to. > > > > I've tried the example > > > > auditctl -a exit,always -S open -F success=0 > > What base kernel version and audit patches is SLED10 using? Audit > development has been active until recently and it may not have all the > latest and greatest audit patches in it.
Kernel 2.6.16.21. No additional audit patches as of now. Ciao, Marcus -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
