audit events w/o audit rules?
Todd Heberlein
todd_heberlein at mac.com
Mon Mar 12 18:16:28 UTC 2018
I am using a Linux system (RHEL 6.9) with no audit rules set:
$ sudo auditctl -l
No rules
but some data is still populating the audit log file
/var/log/audit/audit.log
Are there processes (or kernel code) that generate their own audit events that bypass the configured audit rules?
Thanks,
Todd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20180312/0f2c7e96/attachment.htm>
More information about the Linux-audit
mailing list