Mark, > > Hi guys, > > I'm really struggling to get an understanding of what kernel and audit > version I need to be able to use file system watches on my SLES 10 box. > > >From what I've managed to read and understand, we need kernel 2.6.18 and > audit version 1.2.x ? Is that correct ? At the moment I'm struggling to > install 1.2.x, but I've managed to get the kernel up and running. > > Also worth a note here ... by default, SLES 10 does not show system > calls. It's disabled in /etc/sysconfig/auditd. Edit > AUDITD_DISABLE_CONTEXTS, and make it ="no" >
SLES10 doesn't have file-watch until Service Pack 1, which is work-in-progress. I can make updated audit packages available for you to spare you the package building. The same accounts for the kernel package as well as pwdutils-plugin-audit. I'd be glad to know the results of your testing, in case. Contact me off-list to get the packages. > Cheers > Mark Thanks, Roman. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
