Hi All, Sorry to bug you but is this issue I'm having a bug or have I made a mistake in the rules? Is there another way I could exclude this directory from auditd? We have licenses for these servers so I could open a case if need be. Many thanks, Max
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Max Williams Sent: 06 January 2012 17:26 To: [email protected] Subject: RE: Path ignored but syscall event still logged Any update on this Steve? The other ignore rules seem to work, just not that one. Thanks, Max -----Original Message----- From: Steve Grubb [mailto:[email protected]] Sent: 21 December 2011 19:25 To: [email protected] Cc: Max Williams Subject: Re: Path ignored but syscall event still logged On Wednesday, December 21, 2011 07:17:01 AM Max Williams wrote: > Sorry, forgot to include that! > > [root@host1 ~]# uname -r > 2.6.32-131.21.1.el6.x86_64 > [root@host1 ~]# auditctl -s > AUDIT_STATUS: enabled=1 flag=0 pid=24173 rate_limit=0 > backlog_limit=8192 > lost=124822501 backlog=0 Initial assessment, the kernel patch that discards events might only work on open(2). Eric is looking to see if this can be safely broadened. -Steve > On Tuesday, December 20, 2011 12:55:49 PM Max Williams wrote: > > How come this event is not ignored due to the 8th rule? I think I'm > > missing something. > > One piece of information is missing. The enforcement of the audit > policy is done by the kernel. What do you get for uname -r? > > -Steve ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
