Is there any kind of identifier that ties events to rules?
Which kernel are you using? Are your events only watches or do you care
about syscall auditing as well (meaning you have set some syscall audit
rules)?
kernel-2.6.16-1.2212.2.8_FC6.lspp.34.i686 on Fedora Core 5
At the moment they are only watches,
OK, the lspp series (so far) does not support the idea of a "key tag" as RHEL4
did.
So, assuming I installed RHEL4, would this "key tag" allow all events to
be tied to rules, or just the file watch events?
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit