Removal of audit rules with audit start
Casey Schaufler
casey at schaufler-ca.com
Tue Feb 15 16:07:32 UTC 2005
--- Steve Grubb <sgrubb at redhat.com> wrote:
> I'm not sure a sighup makes sense for this daemon.
The technical difficulties aside, it is
very useful in just about any environment
to have the abilty to goose the audit daemon.
The use of the audit trail as a validation
scheme is hugely valuable. You should go out
of your way to support it if you want the
audit trail to be widely adopted. None of
the Irix evaluations would have gotten finished
had we been unable to SIGHUP the audit daemon.
In production environments shutting down and
restarting audit is just not an option. You need
a way to refresh the audit characteristics
on the fly.
=====
Casey Schaufler
casey at schaufler-ca.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Linux-audit
mailing list