Hi,I just want to exlcude some rsync audit log bacause its too noise when if your server act as repository, but when i try several rules to audit.rules files, its not affected, Th... [by heriyanto]
I have a RHEL 5.8 server running Oracle RAC, In audit.rules file I have rule setup to monitor permission changes and file deletion.
There are multiple entries in the file for oracle services (comm=ohasd.bin). which I want to filter out. Could you please advise how can I filter all events generated for ohasd.bin. so that they are not reported in the audit.log
I have a mystery on my hands. One day /etc/rc5.d/S11auditd became /etc/rc5.d/K88auditd and no one takes responsibility for it. It looks like it just happened by itself, which is hardly plausible and requires a little investigation.
Assuming default Fedora 12 installation, what are the ways of tracing actions that led to an auditd being removed initialization sequence?