On Tue, Dec 4, 2018 at 3:07 AM Ondrej Mosnacek wrote:
> On Sat, Dec 1, 2018 at 5:50 PM Steve Grubb wrote:
> > On Tuesday, November 13, 2018 11:30:55 AM EST Paul Moore wrote:
> > > On Tue, Nov 13, 2018 at 10:25 AM Ondrej Mosnacek
> > wrote:
> > > > On Tue, Nov 6, 2018 at 9:19 PM Paul Moore
> So...your kernel is not supporting this. You'd need to dig through the kernel
source to find this. I don't think I can help much past this point as I'm not
familiar with the Debian kernels.
Thanks for the confirmation you helped me a lot
On Tue, Dec 4, 2018 at 11:09 AM Steve Grubb wrote:
>
>
On Tuesday, December 4, 2018 10:15:47 AM EST Vincent Fiset wrote:
> > strace /sbin/auditctl -a always,exclude -F msgtype=CWD > log 2>&1
>
> Unfortunately I already tried that before, strace was not revealing
> anything obvious (for me at least)
There's info in there.
> sendto(4,
>
> > here are the flags that I see in proc/config:
> >
> > $ zgrep -i audi /proc/config.gz
> > CONFIG_AUDIT_ARCH=y
> > CONFIG_AUDIT=y
> > CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> > CONFIG_AUDITSYSCALL=y
> > CONFIG_AUDIT_WATCH=y
> > CONFIG_AUDIT_TREE=y
> > CONFIG_NETFILTER_XT_TARGET_AUDIT=m
> >
On Tuesday, December 4, 2018 9:26:29 AM EST Vincent Fiset wrote:
> here are the flags that I see in proc/config:
>
> $ zgrep -i audi /proc/config.gz
> CONFIG_AUDIT_ARCH=y
> CONFIG_AUDIT=y
> CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> CONFIG_AUDITSYSCALL=y
> CONFIG_AUDIT_WATCH=y
> CONFIG_AUDIT_TREE=y
>
$ zgrep -i audi /proc/config.gz
CONFIG_AUDIT_ARCH=y
CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_KVM_MMU_AUDIT is not set
#
On Sat, Dec 1, 2018 at 5:50 PM Steve Grubb wrote:
> On Tuesday, November 13, 2018 11:30:55 AM EST Paul Moore wrote:
> > On Tue, Nov 13, 2018 at 10:25 AM Ondrej Mosnacek
> wrote:
> > > On Tue, Nov 6, 2018 at 9:19 PM Paul Moore wrote:
> > > > On Tue, Nov 6, 2018 at 3:09 AM Ondrej Mosnacek
>