Warron, As you have suggested, and Ondrej has confirmed, you can monitor the executables, but what is the outcome you desire?
Do you want to know if the commands have run and hence may have changed what has been deployed/configured, or are you interested in something else? Perhaps the current state of patching or actually what has been installed? Rgds Burn On Mon, 2017-07-03 at 10:41 +0200, Ondrej Moris wrote: > Hi, there is no event type associated with rpm or yum. But using -F > exe= filters for yum/rpm binaries is really the best option. > -- > Ondrej > > On Mon, Jul 3, 2017 at 5:08 AM, warron.french <[email protected]> wrote: > > Is there an audit system call associated with the use of rpm or yum? > > > > Or is it best to setup a watch rule for both executables? > > > > > > -------------------------- > > Warron French > > > > > > -- > > Linux-audit mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/linux-audit > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
