On Fri, 2011-05-20 at 16:14 +0100, Mr Dash Four wrote: > I am having difficulty in trying to exclude a certain type of messages > for certain SELinux types being reported to the auditd daemon. > > In particular, I would like to exclude the following from being reported > (and thus filling up my audit logs unnecessarily): > > msgtype={USER_ACCT|CRED_ACQ|USER_START|CRED_DISP|USER_END} > obj_type=crond_t > success=0 I do not know the answer to your question, but i suspect you will stand a better chance at finding a good answer on the linux-audit list. You can subscribe here: https://www.redhat.com/mailman/listinfo/linux-audit Note though that this list is moderated. So it may be a while before your request for subscription is processed.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux