EXT :Re: [RFC] Create an audit record of USB specific details
Boyce, Kevin P (AS)
Kevin.Boyce at ngc.com
Tue Apr 5 13:52:40 UTC 2016
Greg,
> There is no "/proc/usb/" :)
Sorry, maybe /sys/bus/usb/devices was what I was looking for...
> The kernel calls mknod itself on devtmpfs, userspace doesn't do that anymore (hasn't for a long time). Do you get those audit events today?
I'm not auditing those events myself. Just proposing ideas that might produce the sort of information Wade was looking for.
kevin
More information about the Linux-audit
mailing list