Sorry, forgot to include that! [root@host1 ~]# uname -r 2.6.32-131.21.1.el6.x86_64 [root@host1 ~]# auditctl -s AUDIT_STATUS: enabled=1 flag=0 pid=24173 rate_limit=0 backlog_limit=8192 lost=124822501 backlog=0
It's a RHEL6.1 server. Cheers, Max -----Original Message----- From: Steve Grubb [mailto:[email protected]] Sent: 20 December 2011 19:03 To: [email protected] Cc: Max Williams Subject: Re: Path ignored but syscall event still logged On Tuesday, December 20, 2011 12:55:49 PM Max Williams wrote: > How come this event is not ignored due to the 8th rule? I think I'm > missing something. One piece of information is missing. The enforcement of the audit policy is done by the kernel. What do you get for uname -r? -Steve ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
