Why is syscall auditing on with no rules?
Andi Kleen
andi at firstfloor.org
Sun Feb 2 15:05:48 UTC 2014
Andy Lutomirski <luto at amacapital.net> writes:
> On a stock Fedora installation:
>
> $ sudo auditctl -l
> No rules
I noticed the same recently on a recent opensuse. kauditd is running,
even though I uninstalled all audit related userland long before. I'm sure
the evil "make syscalls slow" flag is set too.
-Andi
--
ak at linux.intel.com -- Speaking for myself only
More information about the Linux-audit
mailing list