From: Paul Moore <p...@paul-moore.com>

If the point of the lost_reset test is to flood the system with audit records, why are we restricting ourselves with a filter? Let's log everything.
Signed-off-by: Paul Moore <p...@paul-moore.com> --- tests/lost_reset/test | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/lost_reset/test b/tests/lost_reset/test index af82f0b..054e1e0 100755 --- a/tests/lost_reset/test +++ b/tests/lost_reset/test @@ -57,7 +57,7 @@ for ( $i = 0 ; $i < $iterations ; $i++ ) { # iteration count # Add rule to generate audit queue events from floodping $result = - system("auditctl -a exit,always -S all -F pid=$ping_pid >/dev/null 2>&1"); + system("auditctl -a exit,always -S all >/dev/null 2>&1"); my $counter = 0; my $timeout = 50; @@ -82,7 +82,7 @@ for ( $i = 0 ; $i < $iterations ; $i++ ) { # iteration count } kill 'TERM', $ping_pid; - system("auditctl -d exit,always -S all -F pid=$ping_pid >/dev/null 2>&1"); + system("auditctl -d exit,always -S all >/dev/null 2>&1"); # Restart the daemon to collect messages in the log system("service auditd start >/dev/null 2>&1"); -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
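Review bot: In the first hunk (@@ -57,7 +57,7 @@), the context comment "# Add rule to generate audit queue events from floodping" is now stale. With "-F pid=$ping_pid" dropped, "auditctl -a exit,always -S all" matches every syscall exit from every process on the host, not only the flood ping. Please update the comment to describe the system-wide rule, so that anyone running the test suite on a shared machine knows it generates audit load for all processes while the loop runs.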
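Review bot: In the second hunk (@@ -82,7 +82,7 @@), the return value of system("auditctl -d exit,always -S all >/dev/null 2>&1") is discarded and its output is sent to /dev/null, so a failed delete goes unnoticed. With the old pid filter a leftover rule only matched a process that had just been killed. Without the filter, a leftover rule keeps auditing all syscalls system-wide after the test finishes. Suggest capturing the result, as the add path does with $result, and warning or failing the test when the delete does not succeed.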