last restart of auditd - in EPOCH time

warron.french warron.french at gmail.com
Wed Aug 4 19:25:40 UTC 2021


Is there a hidden switch option to auditctl that would tell me the last
time auditd was restarted specifically in epoch (down to the second)?

If my rules are changed to non-immutable ( -e 1 ), rebooted, and then
changed back to immutable ( -e 2 ), then I discover this weeks later, then
I will not know for sure which was most recently updated/restarted.

That is the reason for the question.  I am doing this for a hardening
script that will tell me based on known recent changes (as of script
execution), but I cannot properly/successfully assess for dates outside of
a day or so.  :-/

Any ideas would be appreciated,
--------------------------
Warron French