;
}
}
syslog(LOG_ERR, Option %s not found - line %d, nv-value, line);
Regards
Chu Li
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Hi Steve,
we can make updates that change the external behavior. If you want, we can
document this better in man pages that audit pid of 0 means it's not running.
I agree with it. At least it's necessary to add some simple explanation about
pid=0 in the manual.
Regards
Chu Li
-Original
, it will always add the rule LIST_RULES: exit,always dir=/mnt (0x4) perm=rwxa.
I found -w will use the exit list automatically. I think it's better to add
something about it in manual.
How about your opinion?
Signed-off-by: Chu Li [EMAIL PROTECTED]
---
diff --git a/src/auditctl.c b/src/auditctl.c
,action and -S xx -a list,action are not allowed. Only -a list,action -S xx
and -d list,action -S xx can be allowed. The users have to add list before
syscall.
Here is the patch for such method. Hope your opinion.
Signed-off-by: Chu Li [EMAIL PROTECTED]
---
diff --git a/src/auditctl.c b/src
-off-by: Chu Li [EMAIL PROTECTED]
---
diff --git a/src/auditd-config.c b/src/auditd-config.c
index 8977502..ca3d3a3 100644
--- a/src/auditd-config.c
+++ b/src/auditd-config.c
@@ -434,14 +434,14 @@ static const struct kw_pair *kw_lookup(const char *val)
static int log_file_parser(struct nv_pair *nv
Hi Steve,
When auditd is stopped, auditctl -s will show pid=0. I think it's not
correct information. It's better to tell users auditd is not started.
Signed-off-by: Chu Li [EMAIL PROTECTED]
---
diff --git a/src/auditctl.c b/src/auditctl.c
index 10894f9..b26dd82 100755
--- a/src/auditctl.c
+++ b/src