file, executable, and policy

Stephen Smalley sds at tycho.nsa.gov
Mon Nov 5 18:49:47 UTC 2012


On 11/05/2012 11:47 AM, ken wrote:
>> 1) It will give you the name of the target file. However unless you have
>> full syscall auditing turned on the audit subsystem doesn't have the
>> full path information. You could turn it on but it introduces some
>> overhead. To do this you just have to include one rule with auditctl or
>> you can put it in /etc/audit/audit.rules
>
> What rule-- what text do I type in /etc/audit/audit.rules to turn on
> full syscall auditing?

Any rule at all.  Example:

# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
# service auditd restart
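
Added example, not part of the original post: once a rule is loaded, an AVC denial is logged together with SYSCALL, CWD and PATH records that share its event ID, and joining them recovers the full path of the target file. The log lines are constructed samples and the function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Constructed sample records (not from the original post). Event 101 was logged
# with no audit rules loaded: AVC only. Event 102 was logged after a rule was
# loaded, so SYSCALL, CWD and PATH records share the same event ID.
SAMPLE_LOG = '''\
type=AVC msg=audit(1352141000.100:101): avc:  denied  { write } for  pid=2001 comm="demo" name="shadow" dev="sda1" ino=4242 scontext=system_u:system_r:demo_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1352141387.200:102): avc:  denied  { write } for  pid=2002 comm="demo" name="shadow" dev="sda1" ino=4242 scontext=system_u:system_r:demo_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1352141387.200:102): arch=c000003e syscall=2 success=no exit=-13 pid=2002 comm="demo" exe="/usr/local/bin/demo"
type=CWD msg=audit(1352141387.200:102):  cwd="/etc"
type=PATH msg=audit(1352141387.200:102): item=0 name="shadow" inode=4242 dev=08:01
'''

RECORD = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+:\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by event ID (timestamp:serial)."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            rtype, event_id, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events[event_id][rtype].append(fields)
    return events

def resolve_denials(text):
    """Return (event_id, comm, target) per AVC; target is a full path only if PATH exists."""
    results = []
    for event_id, recs in parse_events(text).items():
        for avc in recs.get("AVC", []):
            target = avc.get("name")  # AVC alone carries only the last path component
            inode = avc.get("ino")
            cwd = recs["CWD"][0]["cwd"] if recs.get("CWD") else "/"
            for path in recs.get("PATH", []):
                if path.get("inode") == inode:  # match the PATH item to the AVC target
                    target = os.path.normpath(os.path.join(cwd, path["name"]))
            results.append((event_id, avc.get("comm"), target))
    return results

if __name__ == "__main__":
    for row in resolve_denials(SAMPLE_LOG):
        print(row)
```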


