Re: SELinux revisited

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> # This file contains the auditctl rules that are loaded
>> # whenever the audit daemon is started via the initscripts.
>> # The rules are simply the parameters that would be passed
>> # to auditctl.
>> 
>> # First rule - delete all
>> -D
>> 
>> # Increase the buffers to survive stress events.
>> # Make this bigger for busy systems
>> -b 320
>> 
>> # Feel free to add below this line. See auditctl man page
>> 
>> -a exit,always -S chroot
>> #-a exit,always -S chdir -F obj_type=dhclient_t
>
>I don't know the rule syntax, but just looking at the source, it
 appears
>to me that the rule on line 15 is malformed (at least compared to the
>others). 

All of those rules look fine for audit  package > 1.3 and  kernel probably > 2.6.21. But those rules are not default and would have taken some research to come up with since I know of no public examples of auditing by selinux context.


-Steve


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux