[PATCH] audit config lockdown
Casey Schaufler
casey at schaufler-ca.com
Fri Jan 19 19:48:54 UTC 2007
--- Steve Grubb <sgrubb at redhat.com> wrote:
> Hi,
>
> The following patch adds a new mode to the audit
> system. It uses the
> audit_enabled config option to introduce the idea of
> audit enabled, but
> configuration is immutable. Any attempt to change
> the configuration
> while in this mode is audited. To change the audit
> rules, you'd need to
> reboot the machine.
I don't expect it to be popular, but I like it.
Casey Schaufler
casey at schaufler-ca.com
More information about the Linux-audit
mailing list