Quoting Steve G <linux_4ever@xxxxxxxxx>:
This is all in work. The 0.7.4 audit package has some information about setting
file watches (auditctl -w -p ). However, you need to have a kernel that's patched
for it. We are still peer reviewing this capability. I think we have just a few
more locking issues to solve and then it will be sent to lkml. I have put the
tools into FC4 so that when the file system auditing patch does go upstream & you
do a kernel update, everything starts working.
Sounds like great news.
I take it that even if I fire up auditd on RHEL4 today, and attempt to play with
auditctl, it isn't going to work until there is updated kernel (or I
patch/recompile existing kernel)?
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
