How to filter PROCTITLE events

Steve Grubb sgrubb at redhat.com
Wed Jul 24 12:14:02 UTC 2019


On Wednesday, July 24, 2019 5:27:59 AM EDT 杨海 wrote:
> Hi
> 
> I am looking for the method to filter the PROCTITLE events via auditctl.
> 
> It is said we can do it, but I could not figure out how.

Did you read about the exclude filter?  :-)

> "The proctitle event is emitted during syscall audits, and can be filtered
> with auditctl."

-a always,exclude -F msgtype=PROCTITLE

There is another example in the 20-dont-audit.rules file.

-Steve
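
A way to check that the exclude rule above is loaded and what it removes from the log, as an added example that is not part of the original message. The rule listing and log records are constructed samples, and the function names and the --live switch are this script's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Sample data below is constructed.

# Constructed rule listing, one rule per line as `auditctl -l` prints them.
SAMPLE_RULES='-a always,exit -F arch=b64 -S execve -F key=exec
-a always,exclude -F msgtype=PROCTITLE'

# Constructed audit.log records for a single execve event (ls -l).
SAMPLE_LOG='type=SYSCALL msg=audit(1563970442.123:101): arch=c000003e syscall=59 success=yes exit=0 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1563970442.123:101): argc=2 a0="ls" a1="-l"
type=PROCTITLE msg=audit(1563970442.123:101): proctitle=6C73002D6C'

# has_exclude_rule RULES MSGTYPE: succeed if RULES holds an exclude-filter
# rule for MSGTYPE. Either action keyword (always/never) is accepted.
has_exclude_rule() {
    printf '%s\n' "$1" | grep -Eq "^-a (always|never),exclude .*-F msgtype=$2( |\$)"
}

# count_records LOG MSGTYPE: print how many records of MSGTYPE appear in LOG.
count_records() {
    printf '%s\n' "$1" | grep -c "^type=$2 " || true
}

# without_type LOG MSGTYPE: print LOG as it would look with MSGTYPE excluded.
without_type() {
    printf '%s\n' "$1" | grep -v "^type=$2 " || true
}

if [ "${1:-}" = "--live" ]; then
    # Live check against the running audit system (needs root).
    if has_exclude_rule "$(auditctl -l)" PROCTITLE; then
        echo "exclude rule for PROCTITLE is loaded"
    else
        echo "no exclude rule for PROCTITLE is loaded"
    fi
    # ausearch exits non-zero when nothing matches; "recent" is the last 10 minutes.
    if ausearch -m PROCTITLE -ts recent >/dev/null 2>&1; then
        echo "PROCTITLE records still present in the last 10 minutes"
    else
        echo "no PROCTITLE records in the last 10 minutes"
    fi
else
    # Offline demonstration on the constructed sample.
    filtered=$(without_type "$SAMPLE_LOG" PROCTITLE)
    echo "PROCTITLE before: $(count_records "$SAMPLE_LOG" PROCTITLE)"
    echo "PROCTITLE after:  $(count_records "$filtered" PROCTITLE)"
    echo "EXECVE after:     $(count_records "$filtered" EXECVE)"
fi
```

In the sample, the EXECVE record for the same event still carries the argument list once PROCTITLE is excluded.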






More information about the Linux-audit mailing list