AE> Is there any reason why (...) auditctl -R don't print errors to stdout
when rules parsing errors occur?
SG> If it's detected that the rules are in a file, they get sent to syslog
because 99.99% of the time, this is system boot or initscripts and we need
to make the problem
On Wednesday, March 10, 2021 5:53:42 AM EST Alan Evangelista wrote:
> OM> Not sure if this is it, but there is a "-" missing before the "S"
> before "renameat2".
>
> This was indeed the issue. I found out that was the issue when I ran
> "auditctl -l". Thank you.
>
> Is there any reason why
OM> Not sure if this is it, but there is a "-" missing before the "S" before
"renameat2".
This was indeed the issue. I found out that was the issue when I ran
"auditctl -l". Thank you.
Is there any reason why augenrules and auditctl -R don't print errors to
stdout when rules parsing errors
On Tue, Mar 9, 2021 at 7:44 PM Alan Evangelista wrote:
> I have the following audit rule:
>
> -a exit,always -F dir=/data -F arch=b64 -S open -S unlink -S unlinkat -S link
> -S rename
> -S renameat S renameat2 -S chmod
Not sure if this is it, but there is a "-" missing before the "S"
before
On Tue, Mar 9, 2021 at 1:44 PM Alan Evangelista wrote:
>
> I have the following audit rule:
>
> -a exit,always -F dir=/data -F arch=b64 -S open -S unlink -S unlinkat -S link
> -S rename -S renameat S renameat2 -S chmod -S fchmod -S fchmodat -S chown -S
> fchown -S fchownat -S mkdir -S rmdir -S
I have the following audit rule:
-a exit,always -F dir=/data -F arch=b64 -S open -S unlink -S unlinkat -S
link -S rename -S renameat S renameat2 -S chmod -S fchmod -S fchmodat -S
chown -S fchown -S fchownat -S mkdir -S rmdir -S setxattr -S lsetxattr -S
fsetxattr -S removexattr -S lremovexattr -S