Steve Grubb
I'd be happy to help flesh out the requirements. There's 2 kinds of requirements...the ones for common criteria, and the extra information you might want not required by CC. CC...
I noticed the same thing and fixed it soon after 1.1 was out. Just use the spec file in the github repo. It has one other fix that's needed. As...
What version of rpm are you using? It seems to have a different behavior. Changing the version in the spec file is an expected change. The spec file that is shipped...
I think, historically, rpm never required the file to exist. Regardless of what is written as a specification, if they actually enforced that the file must exist, it would break...
Support is already in place to send audit events to different destinations on a rule by rule basis. At this point, I don't think we can alter that. And I...
Well, if the rule says audit and the config says syslog, then you've overridden the rule. Debug mode was envisioned for testing rather than for recording. There are times when...
This is a good point. We will think about it.
> this feature still ain't been implemented yet?

Nope.
One possibility is that we add a ppid attribute which could then be matched to the kernel. We are still kicking around ideas.
Support for using ppid has been added with commit 1e1c427. Kthreads will be ppid 2. Let me know if this solves your issue.