Re: [patch 058/209] audit: rework execve audit

Peter Zijlstra Fri, 27 Jul 2007 15:06:59 -0700

On Fri, 2007-07-27 at 23:55 +0200, Peter Zijlstra wrote:
> On Fri, 2007-07-27 at 16:57 -0400, Steve Grubb wrote:
> 
> > I don't know of anything special its a fully updated rawhide machine. I am 
> > not 
> > running any tests, this is at the prompt in runlevel 3. I have audit=1 as a 
> > boot parameter in grub.conf and very simple audit rules for that machine:
> > 
> > -D
> > -b 256
> > -a exit,always -S sethostname
> > -w /etc/selinux/config
> > 
> > which is not exotic.
> 
> I'm feeling dumb,.. on fedora 7 userland I do:
> 
> [EMAIL PROTECTED] ~]# auditctl -D
> No rules
> [EMAIL PROTECTED] ~]# auditctl -b 256
> AUDIT_STATUS: enabled=0 flag=1 pid=0 rate_limit=0 backlog_limit=256 lost=0 
> backlog=0
> [EMAIL PROTECTED] ~]# auditctl -a exit,always -S sethostname
> Error sending add rule request (Invalid argument)
> 
> man auditctl seems to suggest that is a valid command.


Ok, I am dumb, CONFIG_AUDITSYSCALL=n



--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Re: [patch 058/209] audit: rework execve audit

Reply via email to