On 12/29/2016 03:57 PM, Patrick O'Callaghan wrote: > On Thu, 2016-12-29 at 10:53 -0800, Rick Stevens wrote: >>> Which seems to indicate that the boolean is already set, but the audit flood continues. >> >> Ok, yeah, that's what I've got. >> >> As to the auditctl line, the "exe=" clause can only be used on the >> "exit" list. I think what you want is: >> >> sudo auditctl -a exit,never -F exe=/opt/google/chrome/chrome >> >> e.g. "append a rule to the exit list so that it never generates an >> audit record for that executable". > > I think you're right, though it requires a close reading of the man > page to understand this. Anyway I've enabled it in the audit rules and > so far it seems to work. Huzzah! Hope that's "the magic bullet" for you. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - To understand recursion, you must first understand recursion. - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
