[tomoyo-dev-en 39] Re: Access Logs


Jamie Nguyen dysco****@gmail*****
Tue Dec 14 09:14:41 JST 2010


Tetsuo Handa wrote:
> OK. I implemented it for ccs-auditd part. (Revision 4192.)
>
> An audit log consists of three lines. You can refer to the first line using
> 'Header' keyword, the second line using 'Domain' keyword, and the third line
> using 'ACL' keyword.
>
> Words in each line are separated by a space character. Therefore, you can use
> 'Header[index]', 'Domain[index]', 'ACL[index]' for referring to the index'th
> word of the line. The index starts from 1, and 0 refers to the whole line (i.e.
> 'Header[0]' = 'Header', 'Domain[0]' = 'Domain', 'ACL[0]' = 'ACL').

Great, I like this.


> Below is the default configuration for /etc/ccs/tools/auditd.conf.
> Any questions or comments?
>
> # Discard all granted logs.
> Header.contains: granted=yes
> Destination: /dev/null
>
> # Save rejected logs with profile=0 to /var/log/tomoyo/reject_000.log
> Header.contains: profile=0
> Destination: /var/log/tomoyo/reject_000.log
>
> # Save rejected logs with profile=1 to /var/log/tomoyo/reject_001.log
> Header.contains: profile=1
> Destination: /var/log/tomoyo/reject_001.log
>
> # Save rejected logs with profile=2 to /var/log/tomoyo/reject_002.log
> Header.contains: profile=2
> Destination: /var/log/tomoyo/reject_002.log
>
> # Save rejected logs with profile=3 to /var/log/tomoyo/reject_003.log
> Header.contains: profile=3
> Destination: /var/log/tomoyo/reject_003.log

Purely from an aesthetic point of view, I prefer just a space instead
of using a colon. Also, I would suggest for all characters in the
syntax to be lower case. Most configuration files I have come across
use only lower case, and TOMOYO Linux keywords (e.g. path_group) are
lower case:

header.contains   profile=1
destination       /var/log/tomoyo/reject_001.log


Kind regards
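
Added example, not part of the original thread and not ccs-auditd code: a Python sketch of the line/word addressing and rule routing described in the quoted message. First-match rule order, substring semantics for `.contains`, combining `[index]` with `.contains`, and accepting the lower-case space-separated spelling are assumptions; the sample entry is constructed.

```python
import re

# Constructed sample entry (Header, Domain, ACL lines); not real ccs-auditd output.
SAMPLE = ("#2010/12/14 09:14:41# profile=1 mode=learning granted=no",
          "<kernel> /usr/sbin/sshd /bin/bash",
          "file read /etc/hosts")
# Two rules in the draft syntax quoted above.
DRAFT = """Header.contains: granted=yes
Destination: /dev/null
Header.contains: profile=1
Destination: /var/log/tomoyo/reject_001.log
"""
LINES = {"header": 0, "domain": 1, "acl": 2}
SELECTOR = re.compile(r"(header|domain|acl)(?:\[(\d+)\])?\.contains")

def field(entry, name, index=0):
    """Index 0 is the whole line; index N is the N'th space-separated word."""
    line = entry[LINES[name]]
    if index == 0:
        return line
    words = line.split(" ")
    return words[index - 1] if index <= len(words) else ""

def parse_rules(text):
    """Return [(conditions, destination)]; accepts 'Key: value' and 'key value'."""
    rules, conds = [], []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].rstrip(":").lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "destination":
            rules.append((conds, value))
            conds = []
            continue
        m = SELECTOR.fullmatch(key)
        if m is None:
            raise ValueError(f"unknown keyword: {raw!r}")
        conds.append((m.group(1), int(m.group(2) or 0), value))
    return rules

def route(entry, rules):
    """Assumed semantics: the first rule whose conditions all match wins."""
    for conds, dest in rules:
        if all(needle in field(entry, n, i) for n, i, needle in conds):
            return dest
    return None
```

With plain substring matching as assumed here, the rule `profile=1` also matches a header containing `profile=10`.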



