jay-katta
commented
7 years ago Soon will send the fix for this issue.
Open jay-katta opened 7 years ago
jay-katta
commented
7 years ago Soon will send the fix for this issue.
When we create system calls from UI, system calls are getting constructed in the following format - -a always,exit -F arch=b64 -S exit,read,write,open -F key=testscrule
But when we import same rule in different format - -a always,exit -F arch=b64 -S exit -S read -S write -S open -F key=testscrule
loaded rules is becoming as - -a always,exit -F arch=b64 -S exit,read,write,open -F key=testscrule and persisted rule is as - -a always,exit -F arch=b64 -S exit -S read -S write -S open -F key=testscrule
Hence, in UI when we list rules, these two are listing as two rules, one as loaded and another as persisted