Hi! Thanks in advance for the replies. I want to exclude all audit entries for cron executions.
The line i've pasted here was an example. Thanks! Laura El 18/09/2012 18:50, "Laura Martín" <[email protected]> escribió: > Hi all, > > I'm trying to exclude cron events from audit logging. I can't see how can > I do to only exclude this kind of entries: > > > ---- > time->Mon Sep 17 11:00:01 2012 > type=PATH msg=audit(1347872401.521:5212): item=0 > name="/etc/pam.d/system-auth" inode=33635 dev=fd:00 mode=0100644 ouid=0 > ogid=0 rdev=00:00 > type=CWD msg=audit(1347872401.521:5212): cwd="/var/spool" > type=SYSCALL msg=audit(1347872401.521:5212): arch=c000003e syscall=2 > success=yes exit=5 a0=2b5b7b627300 a1=0 a2=1b6 a3=0 items=1 ppid=11640 > pid=1965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" > key=(null) > ---- > > I didn't see any option to exclude events by 'exe' or 'comm' field. > > Any hints? > > Thanks in advance, Laura > >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
