From: Paul Moore <p...@paul-moore.com>

If the point of the lost_reset test is to flood the system with audit
records, why are we restricting ourselves with a filter?  Let's log
everything.

Signed-off-by: Paul Moore <p...@paul-moore.com>
---
 tests/lost_reset/test |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/lost_reset/test b/tests/lost_reset/test
index af82f0b..054e1e0 100755
--- a/tests/lost_reset/test
+++ b/tests/lost_reset/test
@@ -57,7 +57,7 @@ for ( $i = 0 ; $i < $iterations ; $i++ ) {    # iteration 
count
 
     # Add rule to generate audit queue events from floodping
     $result =
-      system("auditctl -a exit,always -S all -F pid=$ping_pid >/dev/null 
2>&1");
+      system("auditctl -a exit,always -S all >/dev/null 2>&1");
 
     my $counter = 0;
     my $timeout = 50;
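Review bot: The comment above the changed system() call still reads "Add rule to generate audit queue events from floodping", but with "-F pid=$ping_pid" dropped the rule matches every syscall exit from every process on the host, including the test script and auditctl. Please update the comment to say the rule is intentionally unfiltered. The commit message should also note that the test now generates system-wide audit load while it runs, so anyone running the suite on a shared machine knows what to expect.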
@@ -82,7 +82,7 @@ for ( $i = 0 ; $i < $iterations ; $i++ ) {    # iteration 
count
     }
 
     kill 'TERM', $ping_pid;
-    system("auditctl -d exit,always -S all -F pid=$ping_pid >/dev/null 2>&1");
+    system("auditctl -d exit,always -S all >/dev/null 2>&1");
 
     # Restart the daemon to collect messages in the log
     system("service auditd start >/dev/null 2>&1");
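Review bot: The return value of the "auditctl -d exit,always -S all" call is discarded and its output goes to /dev/null, so a failed delete goes unnoticed. That was low risk while the rule was scoped to a pid that had just been killed. Now a leftover rule keeps auditing every syscall on the system after the test ends. Consider capturing the result as the add path does with $result, and failing or warning if the rule could not be removed.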

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
