AVC messages
Klaus Weidner
klaus at atsec.com
Wed Jan 5 16:38:14 UTC 2005
On Tue, Jan 04, 2005 at 02:53:59PM -0500, Steve Grubb wrote:
> I was looking at my audit logs and have a question. Does the SE Linux AVC
> denial messages constitute something that ought to be in the audit logs? Or
> does it belong in syslog?
>
> I agree that it is important information...just curious where it should really
> live.
This kind of information is not relevant for CAPP, but is needed for LSPP
and similar profiles. For LSPP, it needs to be configurable in the same
way as other permission events, the profile requires that events can be
filtered by user identity.
-Klaus
More information about the Linux-audit
mailing list