Why exclude unset auid in STIG rules

Wyatt, Curtis Curtis.Wyatt at gd-ms.com
Wed May 11 18:32:51 UTC 2016

Previous message (by thread): aureport style output for syslog?
Next message (by thread): Why exclude unset auid in STIG rules
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I don't understand why the STIG audit rules have -F auid!=4294967295 in it.  If auid is unset, why wouldn't you still want to see the events in the logs?

Curtis

Previous message (by thread): aureport style output for syslog?
Next message (by thread): Why exclude unset auid in STIG rules
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list