On Tuesday 21 August 2007 11:39:51 Linda Knippers wrote: > > Using system-config-audit getting key (-k) configuration errors when > > saving changes. > > > > [EMAIL PROTECTED] ~]# Stopping auditd: [ OK ] > > Starting auditd: [ OK ] > > key option needs a watch or syscall given prior to it > > This is telling you that the -k flag needs to be after a -S > flag. I don't know why the order matters but apparently it does.
Correct. It matters because originally keys were only associated with watches. So, I needed the rule writer to declare that this is going to be a syscall or watch rule so that I can error check appropriately. Keys do not apply to rules like, -b or -e, so I still want to see the rule type ahead of a key option so that errors are caught. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
