Performing the same test with a 32-bit binary on both a 32-bit and
64-bit host using the same, current kernel version would be helpful.
On Mon, May 9, 2016 at 4:54 PM, Kangkook Jee wrote:
> Dear Paul,
>
> First of all, thanks a lot for your response.
>
> I think the problem that I have is that I
Dear Paul,
First of all, thanks a lot for your response.
I think the problem that I have is that I can’t see expected message (which is
AUDIT_SOCKCALL) from 64-bit kernel when it runs 32-bit binary that issues
connect() system call.
Regarding 32-bit system that I showed from the previous mail
Without looking at the code too closely, have you tried doing these
tests on the same kernel version, preferably a current kernel? The
test below is comparing 3.13 to 2.6.18 which might not be a valid
comparison, and even 3.13 is a few years old.
On Fri, May 6, 2016 at 6:49 PM, Kangkook Jee wrot
On Monday, May 09, 2016 04:13:19 PM varun gulati wrote:
> Hi Team,
> We have requirement where we have to monitor and log any read operations
> performed on a file. e.g. /a/b/c/xyz.log
-a always,exit -F path=/a/b/c/xyz.log -F perm=r -F key=log-access
> This file is usually copied and downloaded
On Monday, May 09, 2016 09:07:11 PM intrigeri wrote:
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
>
> The maintainer of auditd in
Hi,
in Debian, the convention for many log files is to make them readable
by members of the adm group. We're considering doing the same for the
auditd logs, in order to make apparmor-notify work out-of-the-box.
The maintainer of auditd in Debian would like to know what's your take
on it. What kin
Hi Team,
We have requirement where we have to monitor and log any read operations
performed on a file.
e.g. /a/b/c/xyz.log
This file is usually copied and downloaded by many users using various
operations, like, wget, ssh, jsp Download link provided. These commands are
fired from different host
On Saturday, April 30, 2016 09:29:18 PM Manuel Scunthorpe wrote:
> Dear Steve, thanks for your helpful observations. I was able to modify the
> PKGBUILD and successfully build the package, and then build e4rat-lite
> which was my ultimate aim. Sadly it didn't seem to work in Arch Linux due
> to the
On Monday, May 09, 2016 01:40:58 PM Bhagwat, Shriniketan Manjunath wrote:
> I am trying to monitor multiple files using Linux audit. In order to get
> better performance, I am trying to reduce number of rules. If I specify
> more than one path field as in below example I am getting "Invalid
> argu
Hello,
I am trying to monitor multiple files using Linux audit. In order to get better
performance, I am trying to reduce number of rules.
If I specify more than one path field as in below example I am getting
"Invalid argument".
Example1:
# auditctl -a always,exit -F arch=x86_64 -F path=/home/
Dear Steve, thanks for your helpful observations. I was able to modify the
PKGBUILD and successfully build the package, and then build e4rat-lite which
was my ultimate aim. Sadly it didn't seem to work in Arch Linux due to the
kernel config options, e4rat-lite-collect didn't collect anything, com