Bug 495711 - Some audit rules will not load even though they are correct
Some audit rules will not load even though they are correct
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit (Show other bugs)
5.3
All Linux
urgent Severity high
: rc
: ---
Assigned To: Steve Grubb
BaseOS QE
: ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-14 09:55 EDT by Steve Grubb
Modified: 2010-10-14 04:11 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-22 08:58:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0443 normal SHIPPED_LIVE audit bug fix update 2009-04-22 08:58:21 EDT

  None (edit)
Description Steve Grubb 2009-04-14 09:55:33 EDT
Description of problem:
Some audit rules fail to work. For example:
auditctl -a exit,always -F arch=b64 -S pread -F 'ppid=1'

Version-Release number of selected component (if applicable):
audit-1.7.7-6

How reproducible:
always

Steps to Reproduce:
1. auditctl -a exit,always -F arch=b64 -S pread -F 'ppid=1'

 
Actual results:
ppid=1 can only be used with exit and entry filter list

Expected results:
rule loaded into kernel

Additional info:
Comment 7 Steve Grubb 2009-04-15 15:47:18 EDT
audit-1.7.7-6.el5.3.2 was built to resolve this problem.
Comment 11 errata-xmlrpc 2009-04-22 08:58:26 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0443.html

Note You need to log in before you can comment on or make changes to this bug.