On Fri, 2011-05-20 at 16:14 +0100, Mr Dash Four wrote:
> I am having difficulty in trying to exclude a certain type of messages
> for certain SELinux types being reported to the auditd daemon.
> In particular, I would like to exclude the following from being reported
> (and thus filling up my audit logs unnecessarily):
> msgtype={USER_ACCT|CRED_ACQ|USER_START|CRED_DISP|USER_END}
> obj_type=crond_t
> success=0

I do not know the answer to your question, but I suspect you will stand
a better chance at finding a good answer on the linux-audit list.
You can subscribe here:
https://www.redhat.com/mailman/listinfo/linux-audit
Note though that this list is moderated. So it may be a while before
your request for subscription is processed.