Hi, all From my Raspberry Pi machine (running Debian Wheezy distribution), I could see the kernel is built with audit enabled, and I could manage to install user-space audit client with the following command.
pi@raspberrypi ~ $ sudo apt-get install auditd However, when I tried to enable audit issuing the following commands it doesn’t seem to run properly. pi@raspberrypi ~ $ sudo auditctl -l No rules pi@raspberrypi ~ $ sudo auditctl -a entry,always -S open Error detecting machine type pi@raspberrypi ~ $ sudo auditctl -a entry,always -F arch=armeb -S open arch=armeb machine type not found Can anyone tell me whether audit support ARM based linux systems? Here’s my system information and thanks a lot for your help in advance! pi@raspberrypi ~ $ sudo uname -a Linux raspberrypi 3.18.11-v7+ #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015 armv7l GNU/Linux pi@raspberrypi ~ $ dpkg -l |grep audit ii auditd 1:1.7.18-1.1 armhf User space tools for security auditing ii libaudit0 1:1.7.18-1.1 armhf Dynamic library for security auditing Regards, Kangkook
-- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
