On Thu, 2007-02-01 at 09:59 -0500, Stephen Smalley wrote: > Also, he mentioned RHEL 4 as his platform, so I would tend to think that > his kernel and auditctl wouldn't support this anyway. So he may be > limited to using auditallow statements in policy, which is certainly > legitimate use of them (although I understand your goal of centralizing > audit configuration).
It is for RHEL 4, so the above won't work. How much of the functionality is in userspace, and how much requires extra kernel bits? In short, can I recompile the RHEL5 auditd for RHEL4 and expect to get additional functionality? Matt -- Red Hat, Global Professional Services M: +44 (0)7977 267231 GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
