linux
VN, 2021-12-07 17:20:26

What is the bitness problem with auditd?

I am running in a virtual machine:

arch
x86_64

When I try to add a simple rule, I get an error:

auditctl -a exit,always -S open -F path=/etc/
WARNING - 32/64 bit syscall mismatch, you should specify an arch
Error sending add rule data request (Invalid argument)


On the Internet they write that this message can be safely ignored, but if you look at the rules, the list is empty:

auditctl -l
No rules


I tried to hide the architecture:

auditctl -a always,exit -F arch=b32 -S open -F path=/etc/
Error sending add rule data request (Invalid argument)
auditctl -a always,exit -F arch=b64 -S open -F path=/etc/
Error sending add rule data request (Invalid argument)


Nothing changes; the list of rules is empty.


1 answer(s)
Vitsliputsli, 2021-12-07
@kavabangaungava

The list and action are interchanged, and the path to the file must be specified. More or less like this:

auditctl -a exit,always -F arch=b64 -S open -F path=/etc
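
An added example, not part of the original question or answer and not auditd's own code: an offline lint that checks auditctl rule arguments before they are loaded. The helper name lint_audit_rule is hypothetical, and its two checks are assumptions drawn from this thread: the arch warning quoted in the question, and the one difference between the rejected b64 command and the answer's command (path=/etc/ versus path=/etc).

```bash
#!/usr/bin/env bash
# Added example: lints auditctl syscall-rule arguments without calling auditctl,
# so it needs neither root nor a running auditd.

# lint_audit_rule ARGS...  (hypothetical helper)
# Prints "ok" or a space-separated list of findings; returns 1 on any finding.
lint_audit_rule() {
    local has_syscall=0 has_arch=0 path="" findings="" opt
    while [ $# -gt 0 ]; do
        opt=$1
        shift
        case "$opt" in
            -S) has_syscall=1 ;;
            -F) # $1 is now the field expression that follows -F
                case "${1:-}" in
                    arch=*) has_arch=1 ;;
                    path=*) path="${1#path=}" ;;
                esac ;;
        esac
    done

    # A syscall rule without arch= is what triggers the
    # "32/64 bit syscall mismatch" warning shown in the question.
    if [ "$has_syscall" -eq 1 ] && [ "$has_arch" -eq 0 ]; then
        findings="missing-arch"
    fi

    # Assumption from this thread: the rejected rules used path=/etc/,
    # the answer's rule uses path=/etc (no trailing slash).
    case "$path" in
        */) findings="${findings:+$findings }trailing-slash" ;;
    esac

    if [ -n "$findings" ]; then
        echo "$findings"
        return 1
    fi
    echo "ok"
}

# The rules from this thread, without the leading "auditctl".
while IFS= read -r rule; do
    # Word splitting of $rule is intended: each line is a flat argument list.
    printf '%-50s -> %s\n' "$rule" "$(lint_audit_rule $rule)"
done <<'EOF'
-a exit,always -S open -F path=/etc/
-a always,exit -F arch=b64 -S open -F path=/etc/
-a exit,always -F arch=b64 -S open -F path=/etc
EOF
```

After loading a rule for real, confirm it with auditctl -l, as the question does, rather than relying on the absence of an error.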
