>I am using the default that is in RHEL 4 which is 1.0.3. Should this version >work or do I need to upgrade to 1.1-1? 1.0.3 does work. The other component is the kernel since it is what actually performs the audit. You should be using the -22 kernel at a minimum. My guess is that you don't have the rule exactly right. I would need know the dir that you are wanting to audit, to see the output of mount to see your mount table, the output of running stat on the partition to determine the major & minor numbers, and auditctl -l to see what is in effect. You can send it off list if you need me to help. >If I do need to upgrade then do you know how to uninstall the previous >version? You do not need to upgrade. 1.0.12 is the version for FC4 & RHEL4. 1.1 is for FC5 and future RHEL. >I tried to install 1.1-1 but after the --rebuild I tried to double-click >the RPMs and it complained about the 1.0.3 version wanted its lib rpm. You should just be able to do rpm -Fvh /path-to-rpms/audit-* The audit srpm produces 3 packages. Do not upgrade RHEL4 to 1.1. Hope this helps... -Steve __________________________________ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/ -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
