On Tue, 2008-03-04 at 15:29 -0500, John Dennis wrote:
> Steve Grubb wrote:
> > If there's no agreement with them, should we change anything?
> > auparse is working pretty good as is.
>
> No it's not. The auparse approach is based on tables, tables which have
> been shown to be incorrect and tied to kernel versions and the patch set
> used to build that kernel version.

Can you show some example of which kernels had one thing and which kernels another? Can you also show patch (I assume you mean a RHEL5 patch) sets on top of kernels which changed things so that 2 kernels would have conflicting output? Hopefully this will help me understand and address your concerns.

-Eric

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
