[PATCH 7/7] audit: audit feature to set loginuid immutable
LC Bruzenak
lenny at magitekltd.com
Tue Jul 9 23:51:43 UTC 2013
On 07/09/2013 05:24 PM, Steve Grubb wrote
...
I don't think anyone has plans to write those tools at the moment. That would
be ideal. But even in the case where audit rules don't get loaded, there are
audit events generated by the MAC systems and some hard coded kernel events
and user space events. It would be nice to know they are not tampered with.
...
Question - from the title I had thought this was a good thing. But wasn't loginuid (and subsequently auid) already immutable?
Sorry; just not certain what this change does for the average guy...
Thx,
LCB
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list