How to define rule for SERVICE_START/STOP?
Gisela Cheng
giselac at us.ibm.com
Mon Aug 4 19:16:18 UTC 2014
We want to use Linux audit type SERVICE_START/STOP for our application
running as service.
But I am not able to find example on how to use auditctl to define the
rule. It seems to me that
all the examples are of rules defined for system_calls. Questions:
1. Can I use audit type SERVICE_START/STOP for my application runs as
service? or would it
be considered as type USR_CMD?
2. How do I use auditctl to define rule for SERVICE_START/STOP? Can you
direct/point me
to URL/documentation where it is documented?
Thanks.
Gisela Cheng
giselac at us.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140804/3346ed20/attachment.htm>
More information about the Linux-audit
mailing list