On Friday 12 March 2010 02:44:22 am Juraj Hlista wrote: > An audit rule can have more than 1 key, the keys can be of > different types (only AUDIT_FILTERKEY for now)
We discussed this about 2 years ago and came up with this solution: https://www.redhat.com/archives/linux-audit/2008-March/msg00125.html > For example, it is possible to create a rule such as: > auditctl -a exit,always -F path=/file -F key=k1 -F key=k2 -F key=k3 Any audit package since 1.7 supports this syntax already. What does this patch provide that we don't already have? IOW, we already solved this problem 2 years ago, I am wondering if you knew we already can do this? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
