Any problem with making auditd log readable by the adm group?
Steve Grubb
sgrubb at redhat.com
Mon May 9 19:33:16 UTC 2016
On Monday, May 09, 2016 09:07:11 PM intrigeri wrote:
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
>
> The maintainer of auditd in Debian would like to know what's your take
> on it. What kind of problem could be created if we did that?
I can't think of any problems. Just set the log_group = adm in auditd.conf and
fixup the packaging to have that as the group owner. Auditd should create the
logs with 0640 permissions.
-Steve
More information about the Linux-audit
mailing list