On Friday, October 23, 2015 07:16:40 PM Kangkook Jee wrote: > Hi, all > > From my Raspberry Pi machine (running Debian Wheezy distribution), I could > see the kernel is built with audit enabled, and I could manage to install > user-space audit client with the following command. > > pi@raspberrypi ~ $ sudo apt-get install auditd > > However, when I tried to enable audit issuing the following commands it > doesn’t seem to run properly. > > pi@raspberrypi ~ $ sudo auditctl -l > No rules > pi@raspberrypi ~ $ sudo auditctl -a entry,always -S open > Error detecting machine type > pi@raspberrypi ~ $ sudo auditctl -a entry,always -F arch=armeb -S open > arch=armeb machine type not found > > Can anyone tell me whether audit support ARM based linux systems?
Yes. It was added starting in 2.0.4 and was corrected several times. > Here’s my system information and thanks a lot for your help in advance! > > pi@raspberrypi ~ $ sudo uname -a > Linux raspberrypi 3.18.11-v7+ #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015 > armv7l GNU/Linux > > pi@raspberrypi ~ $ dpkg -l |grep audit > ii auditd 1:1.7.18-1.1 > armhf User space tools for security auditing ii libaudit0 > 1:1.7.18-1.1 armhf That one is too old. You need a newer audit package. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit