Hi Mimi,
On Thursday, April 10, 2014 11:36:15 PM Mimi Zohar wrote:
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
Missing INTEGRITY_RULE
IMA with an 'audit' rule generates INTEGRITY_RULE messages.
For those of us not really up on
On Fri, 2014-04-11 at 10:07 -0400, Steve Grubb wrote:
Hi Mimi,
On Thursday, April 10, 2014 11:36:15 PM Mimi Zohar wrote:
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
Missing INTEGRITY_RULE
IMA with an 'audit' rule
Missing INTEGRITY_DATA
Failure to collect or appraise file data.
(Requires the filesystem to be
All,
Does there exist a repository of audit events that could be used to test
changes to the audit parsing code?
Although turning on
-a always,exit -F arch=b32 -S all
and
-a always,exit -F arch=b64 -S all
for a while does tend to generate a lot of audit, but it's clearly not
exhaustive so I
On Apr 8, 2014, at 11:25 PM, Burn Alting b...@swtf.dyndns.org wrote:
All,
Does there exist a repository of audit events that could be used to test
changes to the audit parsing code?
Although turning on
-a always,exit -F arch=b32 -S all
and
-a always,exit -F arch=b64 -S all
there exist a repository of audit events that could be used to test
changes to the audit parsing code?
I don't have one. My count is that there are 144 known events. I created a
testing tool, ausearch-test, that is located here:
http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit