Audit ipset changes?
Andreas Hasenack
andreas at canonical.com
Fri Feb 26 18:21:09 UTC 2021
Hi,
is there a way to audit ipset changes?
The closest I got was to log the specific "socket(AF_NETLINK, SOCK_RAW,
NETLINK_NETFILTER)" call that ipset makes, but that obviously also triggers
read-only operations like "ipset list", and any other app that opens suck a
socket.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20210226/6855a548/attachment.htm>
More information about the Linux-audit
mailing list