Fw: Audit record emission
Chris Wright
chrisw at osdl.org
Thu May 5 21:34:02 UTC 2005
* Linda Knippers (linda.knippers at hp.com) wrote:
> I can usually, but not always, reproduce record loss with a program
> similar to one of Kris' tests, but with fewer than 200 iterations.
> I haven't tried fooling with the auditd.conf parameters yet, so I
> was curious about the stress.conf file.
I always get drops with the following simple setup (default auditd.conf):
$ sudo auditctl -a entry,always -S open -F uid=23
$ sudo -u '#23' bash
$ while :; do < /dev/null; done
It's pathological, but always overloads the system which is useful for
testing.
thanks,
-chris
More information about the Linux-audit
mailing list