On Tuesday 29 July 2008 21:06:45 Peng Haitao wrote:
> When the watched file is deleted or renamed, the log will be made.
> You can get the result by the following steps:
>
> 1. # service auditd start
> 2. # touch temp_file
> 3. # auditctl -w `pwd`/temp_file -k temp_file
> 4. # rm -f temp_file
>
> /var/
2008/8/15, Steve Grubb <[EMAIL PROTECTED]>:
> On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
>> I'm working on a binary format for the linux-audit system as part of a
>> university research project.
>
> Big-endian/little-endian in aggregated logs? Will the kernel authors allow the
> en
On Fri, 2008-08-15 at 15:58 +0200, Matteo Michelini wrote:
> I'm working on a binary format for the linux-audit system as part of a
> university research project.
>
> The goal is having something similar to BSM trails.
> What do you think about it?
If your question is whether we would be ok with
On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
> I'm working on a binary format for the linux-audit system as part of a
> university research project.
Big-endian/little-endian in aggregated logs? Will the kernel authors allow the
encoder in the kernel? XDR was the only option we had la
I'm working on a binary format for the linux-audit system as part of a
university research project.
The goal is having something similar to BSM trails.
What do you think about it?
2008/8/14, Stephen Smalley <[EMAIL PROTECTED]>:
>
> On Wed, 2008-08-13 at 13:25 -0300, Klaus Heinrich Kiwi wrote:
>>
On Friday 15 August 2008 02:43:49 Kay Hayen wrote:
> More importantly, and somewhat blocking my tests: With the improved rules I
> get this when compiling, quite reproducibly:
>
> type=SYSCALL msg=audit(1218773075.500:118620): arch=c03e syscall=59
> success=yes exit=0 a0=7fff6f78cf90 a1=7ff