On Thu, 29 Jun 2006, Klaus Weidner wrote:
If you really insist on the audit records, you could weaken the
restrictions on the /var/log/audit/ directory (for example 711
permissions) so that it doesn't reject the traversal. The audit files are
still protected of course.
Thanks for the suggestion, didn't even think to try that - the failed
attempts are recorded now and I don't think we really lose anything from
our CSA's perspective in terms of security.
Thanks!
-----------------------------------------------------------
Robert Giles Group System Administrator
SPD/ARL:UT (512) 835-3077 ? Fax (512) 490-4244
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
