The kernel is 2.6.16.21-0.8, and the audit version is 1.1.3-23.2. Lane
On Thu, 2006-07-20 at 19:54 -0500, Klaus Weidner wrote: > On Thu, Jul 20, 2006 at 03:44:07PM -0400, Lane Williams wrote: > > I am using audit 1.1.3 under SuSE Enterprise 10. I was wondering if > > anyone could give me an idea of how to log when someone tries to open a > > file which they do not have access to. > > > > I've tried the example > > > > auditctl -a exit,always -S open -F success=0 > > What base kernel version and audit patches is SLED10 using? Audit > development has been active until recently and it may not have all the > latest and greatest audit patches in it. > > -Klaus -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
