Excluding a script / process and its descendants from audit

Stephen Smalley stephen.smalley.work at gmail.com
Thu Jul 14 17:53:26 UTC 2022

Previous message (by thread): [PATCH v37 00/33] LSM: Module stacking for AppArmor
Next message (by thread): Excluding a script / process and its descendants from audit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Is it possible to exclude a script from triggering audit records?
I know that one can exclude an executable via -a never,exit -F
exe=/path/to/exe but I haven't been able to find a way to do the same
for a script.
Also, is there a way to have the exclusion applied to all child
processes spawned by the script?

Thanks.

Previous message (by thread): [PATCH v37 00/33] LSM: Module stacking for AppArmor
Next message (by thread): Excluding a script / process and its descendants from audit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list