All, Is there a listing somewhere that explains what various exit codes in auditd are?
For example, we are getting some exit=-17 entries in our logs, and we have narrowed it down to an init script that tries to create a directory that already exists. So, we are pretty sure exit=-17 means that a directory already exits. It would be nice if we knew all codes and their translation, whether it be exit=-2, exit=-22, exit=-6, or exit=-17 and so on. I have yet to find that explained anywhere. Any info would be greatly appreciated and would help us fine tune our audit.rules file. Chad Vaughn -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
