On Thursday 28 January 2010 04:21:05 pm Harmon, Jeffrey D wrote:
> Is there a version of nispom.rules that will work with "Audit-1.0.16"
> on RHEL WS 4??

The nispom rules were written during RHEL5's lifetime. The earliest copy is found here:

http://people.redhat.com/sgrubb/audit/audit-1.5.tar.gz

Look in the contrib directory for nispom.rules. You might try editing each rule that starts with "-a" and remove the "-k name" at the end of each rule. If it complains that a syscall is unknown, then delete that syscall since the RHEL4 kernel doesn't know about it. Shouldn't take more than 2-3 minutes to get it working.

-Steve

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
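
The edit described in the reply above, scripted as an added example (not part of the original message and not code from the audit package). The function names `port_rules` and `sample_rules` are hypothetical, the sample rules are constructed rather than copied from nispom.rules, and `fchownat` stands in for whichever syscall auditctl reports as unknown; one syscall per `-S` is assumed.

```shell
#!/bin/sh
# Added example: adapt audit rules for an older auditctl.
# Reads rules on stdin and writes the adapted rules on stdout.
# Arguments: syscall names that auditctl reported as unknown.
port_rules() {
    awk -v drop="$*" '
    BEGIN { n = split(drop, d, " "); for (i = 1; i <= n; i++) unknown[d[i]] = 1 }
    # Only rules that start with "-a" are edited; all other lines pass through.
    !/^-a[ \t]/ { print; next }
    {
        out = ""; kept = 0; had_S = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-k") { i++; continue }               # drop "-k name"
            if ($i == "-S") {
                had_S = 1
                if ($(i + 1) in unknown) { i++; continue }  # drop unknown syscall
                kept++
            }
            out = out (out == "" ? "" : " ") $i
        }
        # A rule that lost every -S would match all syscalls, which changes
        # its meaning, so it is commented out for review instead of emitted.
        if (had_S && kept == 0) print "# removed (no known syscalls left): " $0
        else print out
    }'
}

# Constructed sample input (hypothetical rules for illustration only).
sample_rules() {
    cat <<'EOF'
# constructed sample rules
-w /etc/passwd -p wa -k identity
-a exit,always -S adjtimex -S settimeofday -k time-change
-a exit,always -S fchownat -k perm_mod
EOF
}

# Demo: treat fchownat as the syscall reported unknown.
sample_rules | port_rules fchownat
```

Rules commented out by the script are audit coverage that the older system will not have, so review each one rather than discarding it silently.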
