Quoting Steve G <linux_4ever(a)yahoo.com>:
This is all in work. The 0.7.4 audit package has some information
about setting
file watches (auditctl -w -p ). However, you need to have a kernel
that's patched
for it. We are still peer reviewing this capability. I think we have
just a few
more locking issues to solve and then it will be sent to lkml. I have put the
tools into FC4 so that when the file system auditing patch does go
upstream & you
do a kernel update, everything starts working.
Sounds like great news.
I take it that even if I fire up auditd on RHEL4 today, and attempt to
play with
auditctl, it isn't going to work until there is updated kernel (or I
patch/recompile existing kernel)?
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.