On 5/20/14, 3:33 PM, Paul Tittle wrote:
---
  RHEL/6/input/system/auditing.xml |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/RHEL/6/input/system/auditing.xml b/RHEL/6/input/system/auditing.xml
index 3ac27e6..4b0af89 100644
--- a/RHEL/6/input/system/auditing.xml
+++ b/RHEL/6/input/system/auditing.xml
@@ -1206,7 +1206,7 @@ loss.</rationale>
  deletion events for all users and root. Add the following to
  <tt>/etc/audit/audit.rules</tt>, setting ARCH to either b32 or b64 as
  appropriate for your system:
-<pre>-a always,exit -F arch=ARCH S rmdir -S unlink -S unlinkat -S rename -S renameat -F 
auid&gt;=500 -F auid!=4294967295 -k delete</pre>
+<pre>-a always,exit -F arch=ARCH -S rmdir -S unlink -S unlinkat -S rename -S renameat -F 
auid&gt;=500 -F auid!=4294967295 -k delete</pre>
  </description>
  <ocil>
  <audit-syscall-check-macro syscall="unlink" />
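
Review bot: The corrected rule on the + line still breaks after the trailing "-F ", leaving "auid&gt;=500 -F auid!=4294967295 -k delete" on a line of its own inside the <pre>. If that break is present in auditing.xml itself and is not just mail wrapping, the rendered guidance shows the rule as two lines, and pasting it into /etc/audit/audit.rules would give a first line ending in a dangling -F and a second line that is not a rule. Suggest joining the rule onto a single line inside the <pre>. Since the removed line shows a bare "S rmdir" got through, the other -S lists in this file deserve a quick check for the same dropped dash.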

ack

--
Shawn Wells
Director, Innovation Programs
[email protected] | 443.534.0130
@shawndwells

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide