Attempting to audit stime() syscall gives the error : "Syscall name unknown: stime"
Issue
-
Auditd will not accept stime() as a valid syscall.
# auditctl -a always,exit -F arch=x86_64 -S stime -k time-change Syscall name unknown: stime
Environment
-
Red Hat Enterprise Linux 5.5
-
audit-1.7.17-3.el5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.