On Tuesday 04 March 2008 16:21:01 John Dennis wrote:
> These are the encoded audit strings in kernel 2.6.24 (Fedora):

Reorganized:


Field      24    18    auparse
a[0-9]+    X
acct                   X
cmd                    X
comm       X     X     X
cwd        X     X     X
data       X
dir        X           X
exe        X     X     X
file                   X
key        X     X     X
msg        X
name       X     X     X
new        X     X
old        X     X
path       X     X     X
watch                  X


Of these, A0-4 is probably from the execve patch. I have no idea what the
status of this patch is and if it's upstream. I've not seen the records so
this would be something very new.

acct & cmd are a userspace thing

data, I need to go hunt this down. I don't like the name so it will probably 
need to change in the kernel

msg, name collision it has to change wherever it is in the kernel

new, old, these sound like bugs. They need to get fixed in the kernel

file & watch are probably legacy from RHEL4 I think. They can probably be
deleted.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
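
An added example, not part of the original message or of auparse: a small Python decoder for the fields in the table, showing why the a[0-9]+ row needs record-type context. It assumes the usual audit convention that a quoted value is literal and a bare hex value is an encoded string; the sample records and all function names are constructed for illustration.

```python
import re

# Fields from the table above. "new" and "old" are left out here because the
# reply calls them likely kernel bugs (an assumption of this example).
ENCODED = {"acct", "cmd", "comm", "cwd", "data", "dir", "exe", "file",
           "key", "msg", "name", "path", "watch"}
ARG = re.compile(r"a[0-9]+$")               # the a[0-9]+ row
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key="quoted" or key=bare
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+$")

# Constructed sample records, not taken from a real system.
EXECVE = ('type=EXECVE msg=audit(1204665661.123:42): argc=2 '
          'a0="cat" a1=2F746D702F6D792066696C65')
SYSCALL = ('type=SYSCALL msg=audit(1204665661.123:42): syscall=59 '
           'a0=7ffd2a10 comm=6D7920636D64 exe="/bin/cat"')


def decode_value(raw):
    """Return the string that one encoded audit value represents."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]                    # quoted: stored literally
    if not HEX.match(raw):
        return raw                          # e.g. (null) or audit(...):
    # Bare hex: the value held a space, quote, control or non-ASCII byte.
    # Keep bytes that are not valid UTF-8 visible as \xNN, never drop them.
    return bytes.fromhex(raw).decode("utf-8", errors="backslashreplace")


def parse_record(line):
    """Parse one audit record line into {field: decoded value}."""
    fields = dict(PAIR.findall(line))
    rtype = fields.get("type", "")
    out = {}
    for key, raw in fields.items():
        # a0..aN are encoded strings only in EXECVE records; in SYSCALL
        # records the same names carry raw hex syscall arguments.
        is_arg = bool(ARG.match(key)) and rtype == "EXECVE"
        out[key] = decode_value(raw) if key in ENCODED or is_arg else raw
    return out


if __name__ == "__main__":
    for rec in (EXECVE, SYSCALL):
        print(parse_record(rec))
```

The kernel's msg=audit(...) stamp passes through unchanged because it is not bare hex, which is the same field name the reply flags as a collision.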
