January 17, 2006, 12:33 pm
I want to add some new rules to the auditing system of Linux at file
For example, if I want to log the accesses to the squid log files through
the following rule:
predicate is-squid-log = prefix(/var/log/squid)
syscall @file-ops = is-squid-log(arg0);
and reload the audit service and test it by reading one file in the /var/log/squid
directory, the audit system does not log this access.
Is this rule OK?
Thank you in advance.
Other system config:
audit 0:desactivado 1:desactivado 2:activo 3:activo
4:activo 5:activo 6:desactivado
dev.audit.debug = 0
dev.audit.paranoia = 0
dev.audit.max-messages = 1024
dev.audit.allow-suspend = 1
dev.audit.attach-all = 1