[PATCH] execve argument logging
Steve Grubb
sgrubb at redhat.com
Fri Apr 21 23:44:55 UTC 2006
On Friday 21 April 2006 17:22, Valdis.Kletnieks at vt.edu wrote:
> which implies to me that I can blat a bit over 128K to the audit log per
> syscall.
Users can do this already. Maybe not as quickly, but they can certainly fill
up your logs if they feel like it. If you do not want this message type in
your logs, then use this in your audit rules:
-a always,exclude -F msgtype=EXECVE
Problem Solved (tm).
-Steve
More information about the Linux-audit
mailing list