On Fri, 2007-12-07 at 16:06 -0500, Paul Moore wrote:
> On Friday 07 December 2007 3:52:31 pm Eric Paris wrote:
> > On Fri, 2007-12-07 at 14:57 -0500, Paul Moore wrote:
> > > NOTE: This really is an RFC patch, it compiles and boots but that is
> > > pretty much all I can promise at this point. I'm
On Friday 07 December 2007 3:52:31 pm Eric Paris wrote:
> On Fri, 2007-12-07 at 14:57 -0500, Paul Moore wrote:
> > NOTE: This really is an RFC patch, it compiles and boots but that is
> > pretty much all I can promise at this point. I'm posting this patch to
> > gather feedback from the audit crow
On Fri, 2007-12-07 at 14:57 -0500, Paul Moore wrote:
> NOTE: This really is an RFC patch, it compiles and boots but that is pretty
> much all I can promise at this point. I'm posting this patch to gather
> feedback from the audit crowd about the continued overloading of
> the AU
On Friday 07 December 2007 3:36:08 pm Eric Paris wrote:
> On Fri, 2007-12-07 at 12:11 -0500, Paul Moore wrote:
> > This patch fixes a number of small but potentially troublesome things in
> > the XFRM/IPsec code:
> >
> > * Use the 'audit_enabled' variable already in include/linux/audit.h
> >Re
On Fri, 2007-12-07 at 12:11 -0500, Paul Moore wrote:
> This patch fixes a number of small but potentially troublesome things in the
> XFRM/IPsec code:
>
> * Use the 'audit_enabled' variable already in include/linux/audit.h
>Removed the need for extern declarations local to each XFRM audit fu
NOTE: This really is an RFC patch, it compiles and boots but that is pretty
much all I can promise at this point. I'm posting this patch to gather
feedback from the audit crowd about the continued overloading of
the AUDIT_MAC_IPSEC_EVENT message type - continue to use it or creat
>
> BTW, what is the linux-audit-bounces list? Some majordomo magic?
You (and everyone else in this and other lists) will have to excuse me for
that - it's probably my mailer (Lotus Notes). I'm working on an external
mailer solution, though.
For the time being just ignore it (and the html par
On Friday 07 December 2007 1:14:38 pm [EMAIL PROTECTED] wrote:
> > Hello friendly audit people,
> >
> > I have a pretty simple question which I hope has a pretty simple answer.
> > Is it possible to exclude a specific audit message type from the audit
> > log? The auditctl man page looks like it m
> Hello friendly audit people,
>
> I have a pretty simple question which I hope has a pretty simple answer.
Is
> it possible to exclude a specific audit message type from the audit log?
The
> auditctl man page looks like it might be possible using the syntax below
but
> I'm not sure ...
>
This patch fixes a number of small but potentially troublesome things in the
XFRM/IPsec code:
* Use the 'audit_enabled' variable already in include/linux/audit.h
Removed the need for extern declarations local to each XFRM audit fuction
* Convert 'sid' to 'secid'
The 'sid' name is specific
Hello friendly audit people,
I have a pretty simple question which I hope has a pretty simple answer. Is
it possible to exclude a specific audit message type from the audit log? The
auditctl man page looks like it might be possible using the syntax below but
I'm not sure ...
# auditctl -a e
Thanks Steve. That worked. What I don't understand is that it is not in
the system that already worked.
Thanks again,
David A. Kirkwood
>On Thursday 06 December 2007 02:42:30 pm Kirkwood, David A. wrote:
>> The ausearch -m DAEMON_START returns version 1.0.14 for auditd on
both
>> systems. I grep
12 matches
Mail list logo