Steve Grubb wrote:
We currently have 5 syscall rules in the capp.rules file and lspp.rules file that would be eliminated by this change. I could always delete them from the rule file, but other people will make the mistake of setting possible on some rules without studying the kernel code.

What are people's thoughts on this?

I think if 'possible' no longer is needed, let's remove it.  The only
reason I can think of for keeping it is if people want to have the
same rules file for RHEL4 as for RHEL5, in which case it could be
silently ignored or turned into a regular watch on a RHEL5 system.

- ljk

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
