> So...your kernel is not supporting this. You'd need to dig through the kernel
> source to find this. I don't think I can help much past this point as I'm not
> familiar with the Debian kernels.
Thanks for the confirmation, you helped me a lot.
On Tue, Dec 4, 2018 at 11:09 AM Steve Grubb wrote:
>
>
On Tuesday, December 4, 2018 10:15:47 AM EST Vincent Fiset wrote:
> > strace /sbin/auditctl -a always,exclude -F msgtype=CWD > log 2>&1
>
> Unfortunately I already tried that before, strace was not revealing
> anything obvious (for me at least)
There's info in there.
> sendto(4,
>
> > here are the flags that I see in proc/config:
> >
> > $ zgrep -i audi /proc/config.gz
> > CONFIG_AUDIT_ARCH=y
> > CONFIG_AUDIT=y
> > CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> > CONFIG_AUDITSYSCALL=y
> > CONFIG_AUDIT_WATCH=y
> > CONFIG_AUDIT_TREE=y
> > CONFIG_NETFILTER_XT_TARGET_AUDIT=m
> >
On Tuesday, December 4, 2018 9:26:29 AM EST Vincent Fiset wrote:
> here are the flags that I see in proc/config:
>
> $ zgrep -i audi /proc/config.gz
> CONFIG_AUDIT_ARCH=y
> CONFIG_AUDIT=y
> CONFIG_HAVE_ARCH_AUDITSYSCALL=y
> CONFIG_AUDITSYSCALL=y
> CONFIG_AUDIT_WATCH=y
> CONFIG_AUDIT_TREE=y
>
$ zgrep -i audi /proc/config.gz
CONFIG_AUDIT_ARCH=y
CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_KVM_MMU_AUDIT is not set
#
> On Monday, December 3, 2018 12:26:39 PM EST Vincent Fiset wrote:
> > I got a minimal audit.rules file containing:
> >
> > # cat -n /etc/audit/audit.rules
> > 1 -D
> > 2
> > 3 -b 8192
> > 4
> > 5 -e 0
>
> Why are you ^^^ disabling the audit system? You may want to try
On Monday, December 3, 2018 12:26:39 PM EST Vincent Fiset wrote:
> I got a minimal audit.rules file containing:
>
> # cat -n /etc/audit/audit.rules
> 1 -D
> 2
> 3 -b 8192
> 4
> 5 -e 0
Why are you ^^^ disabling the audit system? You may want to try commenting
that out.