On Monday, January 16, 2023 11:15:46 AM EST Avtansh Gupta wrote:
> Hello All,
>
> Please could you help me understand the difference between the following
> flags which are being used?
>
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH

This ^^^ means the kernel supports -F exe= in the rules.

https://listman.redhat.com/archives/linux-audit/2015-August/010585.html

> AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND

This ^^^ means that the exclude filter supports many more kinds of fields than
the original design allowed for.

https://listman.redhat.com/archives/linux-audit/2016-June/011433.html

For upstream kernels and ones derived after it was released, the second implies
the first one is already included.

-Steve
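Added example, not part of the original thread or of the audit project's code: a pre-deployment check that reports which of the two feature bits discussed above a rule needs but the kernel's feature bitmap lacks. The bit values are those defined in the kernel's `include/uapi/linux/audit.h`; the helper name `missing_features`, the sample rules and the sample bitmap values are constructed, and treating `msgtype` as the only field of the original exclude filter is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit values as defined in include/uapi/linux/audit.h */
#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004
#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND  0x00000008

/* Hypothetical helper: returns the feature bits an auditctl-style rule
 * needs that are absent from the bitmap (0 means nothing is missing). */
uint32_t missing_features(uint32_t bitmap, const char *rule)
{
    uint32_t need = 0;
    /* Matches "always,exclude", "never,exclude" and "exclude,always". */
    int exclude = strstr(rule, ",exclude") || strstr(rule, "exclude,");
    const char *p = rule;

    while ((p = strstr(p, "-F ")) != NULL) {
        p += 3;
        while (*p == ' ')
            p++;
        size_t n = strcspn(p, "=!<>& ");   /* length of the field name */
        if (n == 3 && strncmp(p, "exe", 3) == 0)
            need |= AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH;
        /* Assumption: the original exclude filter matched msgtype only. */
        if (exclude && !(n == 7 && strncmp(p, "msgtype", 7) == 0))
            need |= AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND;
    }
    return need & ~bitmap;
}

int main(void)
{
    /* Constructed sample rules and feature bitmaps */
    const char *rules[] = {
        "-a always,exit -F arch=b64 -S execve -F exe=/usr/bin/curl -k net",
        "-a always,exclude -F msgtype=CWD",
        "-a always,exclude -F auid=1000",
    };
    uint32_t bitmaps[] = { 0x03, 0x07, 0x7f };

    for (size_t b = 0; b < 3; b++)
        for (size_t r = 0; r < 3; r++)
            printf("bitmap 0x%02x rule %zu missing 0x%02x\n",
                   (unsigned)bitmaps[b], r,
                   (unsigned)missing_features(bitmaps[b], rules[r]));
    return 0;
}
```

A nonzero result names the missing bit, so a rule set can be checked against a kernel's reported bitmap before it is loaded rather than discovering the rejection at load time.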