On Tuesday 21 August 2007 13:50:24 Henning, Arthur C. (CSL) wrote: > > Audit 1.5.6-1.i386 > > That's on RHEL? > Art >> RHEL 5
audit-1.5.5-7 is scheduled for RHEL5. :) > You should have a OBJ_PID record, too. > Art >> Don't find it. I use ausearch -sv no > [filename]. Open the file > and find no OBJ_PID. Perhaps my rule isn't configured to allow this to > be captured. You need a newer kernel. This was fixed in our LSPP work and will be in 5.1. You can find the LSPP kernels here: ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5 But there have probably been some security releases since LSPP was final, so you'd want to switch to the 5.1 kernel as soon as its out. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
