I take it that even if I fire up auditd on RHEL4 today, and attempt to
play with auditctl, it isn't going to work until there is updated kernel
(or I patch/recompile existing kernel)?
Right. There's roughly 20-30 patches against the RHEL4 kernel at this point. Some
of which are experimental and not accepted upstream and therefore likely to
change. FC4 has everything in it that is currently accepted upstream. It would be
easier to experiment with FC4 at this point.
-Steve
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail