Audit log file perms
Steve Grubb
sgrubb at redhat.com
Thu Aug 1 17:54:55 UTC 2013
On Thursday, August 01, 2013 12:34:20 PM John Bambenek wrote:
> What controls that?
The audit daemon.
> I have noticed /var/log/audit directory changes to a
> default setting quickly and file rotation resets it as well.
It defaults to 0600 unless you have set something for log_group and in that
case you get 0640. Rotation is done using the rename syscall, so no
permissions should be changing. Logs are created as 0640 root, root. But get
modified as the audit daemon gets more of its configuration parsed.
-Steve
More information about the Linux-audit
mailing list