Running multiple audit service clients
Max Timchenko
maxvt at bu.edu
Wed Feb 10 21:28:26 UTC 2016
Dear all,
I have a situation where there are two audit clients on the same machine:
one of them is auditd, and another one is an IDS client that uses the audit
subsystem directly. By looking at the source (
http://lxr.free-electrons.com/source/kernel/audit.c?v=3.13#L787), I suspect
that there might be no provision in the kernel for multiple audit subsystem
userland daemons running in parallel (only one pid, only one netlink socket
in the kernel). I could not find any documentation confirming or denying
that.
Has anyone tried that before? What would actually happen if two different
audit clients tried to use the same interface to the audit subsystem in the
kernel?
Yours,
--
Max
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160210/3918cd16/attachment.htm>
More information about the Linux-audit
mailing list