On Thursday 10 January 2008 12:58:13 Klaus Heinrich Kiwi wrote:
> On Thu, 2008-01-10 at 12:41 -0500, Steve Grubb wrote:
> > On Thursday 10 January 2008 12:25:23 Klaus Heinrich Kiwi wrote:
> > > Steve, as we talked earlier through IRC, ausearch/aureport are
> > > expecting the kernel anomalies messages to have auid= uid= gid= fields
> > > (in this order). This quick patch changes the ANOM_PROMISCUOUS message
> > > to the correct format (as already used by ANOM_ABEND).
> >
> > Thanks, would you mind making 2 changes to this? Add a test for
> > audit_enabled being true before calling audit_log...a long standing
> > oversight. And add a field at the end "res=1" since this doesn't appear
> > to be able to fail. I'm trying to get result fields in all events.
>
> Will do. Would you like something related to disabling this message when
> Xen is enabled?

Let's do that another time. Xen needs a lot of audit work in general.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
