[PATCH] audit config lockdown

[Casey Schaufler]

--- Steve Grubb <sgrubb at redhat.com> wrote:

> Hi,
> 
> The following patch adds a new mode to the audit
> system. It uses the
> audit_enabled config option to introduce the idea of
> audit enabled, but
> configuration is immutable. Any attempt to change
> the configuration 
> while in this mode is audited. To change the audit
> rules, you'd need to
> reboot the machine.

I don't expect it to be popular, but I like it.


Casey Schaufler
casey at schaufler-ca.com