splitting up auditctl
Timothy R. Chavez
tinytim at us.ibm.com
Fri Sep 23 18:47:49 UTC 2005
Hi,
It was suggested to me that perhaps splitting out auditctl's functionality
logically into separate tools, might be something to consider. For instance,
adding and removing rules could be done by the 'aurule' command, leaving
'auditctl' to handle things like backlog, rate limits, enabling and disabling
of the audit subsystem, etc. I have to admit, I quite like the idea.
I'm not a big fan of all-in-wonder tools and that if we could, we should split
auditctl up before it turns into a menagerie of ideas that are linked simply
by the fact they interact or utilize the audit subsystem in some way, shape,
or form.
-tim
More information about the Linux-audit
mailing list