Bug#759604: Any problem with making auditd log readable by the adm group?
Laurent Bigonville
bigon at debian.org
Wed May 11 07:55:33 UTC 2016
Le 09/05/16 à 21:07, intrigeri a écrit :
> Hi,
Hey,
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
Shouldn't apparmor-notify use the audispd to get the events instead of
parsing directly the logs?
I'm not objecting changing the permissions in debian, but I'm wondering
if it shouldn't be better to do it like that, I think that the
setroubleshoot (a SELinux troubleshooting service used in RHEL/Fedora)
is doing it like that.
Cheers,
Laurent Bigonville
More information about the Linux-audit
mailing list