On 11/05/2012 11:47 AM, ken wrote:
1) It will give you the name of the target file. However unless you have
full syscall auditing turned on the audit subsystem doesn't have the
full path information. You could turn it on but it introduces some
overhead. To do this you just have to include one rule with auditctl or
you can put it in /etc/audit/audit.rules
What rule-- what text do I type in /etc/audit/audit.rules to turn on
full syscall auditing?
Any rule at all. Example:
# echo “-w /etc/shadow -p w” >> /etc/audit/audit.rules
# service auditd restart
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
